TrojanDetector: A Multi-Layer Hybrid Approach for Trojan Detection in Android Applications
Buriro A.
2022-01-01
Abstract
Trojan detection, the process of understanding the behaviour of a suspicious file, has been the talk of the town these days. Existing approaches, e.g., signature-based, have not been able to classify them accurately as Trojans. This paper proposes TrojanDetector, a simple yet effective multi-layer hybrid approach for Trojan detection. TrojanDetector analyses every downloaded application and extracts and correlates its features on three layers (i.e., application-, user-, and package layer) to identify it as either a benign application or a Trojan. TrojanDetector adopts a hybrid approach, combining static and dynamic analysis characteristics, for feature extraction from any downloaded application. We have evaluated our scheme on three publicly available datasets, namely (i) CCCS-CIC-AndMal-2020, (ii) Contagio-Mobile, and (iii) VirusShare, by using simple yet state-of-the-art classifiers, namely, random forest (RF), decision tree (DT), support vector machine (SVM), and logistic regression (LR) in binary-class settings. SVM outperformed its counterparts and attained the highest accuracy of 96.64%. Extensive experimentation shows the effectiveness of our proposed Trojan detection scheme.

File | Size | Format |
---|---|---|
applsci-12-10755-v2.pdf (open access; Type: Publisher's version; License: Creative Commons) | 1.34 MB | Adobe PDF |
Documents in ARCA are protected by copyright and all rights are reserved, unless otherwise indicated.