Mining Android Bytecodes through the Eyes of Gabor Filters for Detecting Malware

dc.authorid: Alam, Shahid/0000-0002-4080-8042
dc.contributor.author: Alam, Shahid
dc.contributor.author: Demir, Alper Kamil
dc.date.accessioned: 2025-01-06T17:36:20Z
dc.date.available: 2025-01-06T17:36:20Z
dc.date.issued: 2023
dc.description.abstract: One of the basic characteristics of a Gabor filter is that it provides useful information about specific frequencies in a localized region. Such information can be used in locating snippets of code, i.e., localized code, in a program when transformed into an image for finding embedded malicious patterns. Keeping this phenomenon, we propose a novel technique using a sliding Window over Gabor filters for mining the Dalvik Executable (DEX) bytecodes of an Android application (APK) to find malicious patterns. We extract the structural and behavioral functionality and localized information of an APK through Gabor filtered images of the 2D grayscale image of the DEX bytecodes. A Window is slid over these features and a weight is assigned based on its frequency of use. The selected Windows whose weights are greater than a given threshold are used for training a classifier to detect malware APKs. Our technique does not require any disassembly or execution of the malware program and hence is much safer and more accurate. To further improve feature selection, we apply a greedy optimization algorithm to find the best performing feature subset. The proposed technique, when tested using real malware and benign APKs, obtained a detection rate of 98.9% with 10-fold cross-validation.
dc.identifier.doi: 10.34028/iajit/20/2/4
dc.identifier.endpage: 189
dc.identifier.issn: 1683-3198
dc.identifier.issue: 2
dc.identifier.scopus: 2-s2.0-85149637242
dc.identifier.scopusquality: Q2
dc.identifier.startpage: 180
dc.identifier.uri: https://doi.org/10.34028/iajit/20/2/4
dc.identifier.uri: https://hdl.handle.net/20.500.14669/1828
dc.identifier.volume: 20
dc.identifier.wos: WOS:000992706500004
dc.identifier.wosquality: Q3
dc.indekslendigikaynak: Web of Science
dc.indekslendigikaynak: Scopus
dc.language.iso: en
dc.publisher: Zarka Private Univ
dc.relation.ispartof: International Arab Journal of Information Technology
dc.relation.publicationcategory: Article - International Refereed Journal - Institutional Faculty Member
dc.rights: info:eu-repo/semantics/openAccess
dc.snmz: KA_20241211
dc.subject: Android bytecode
dc.subject: malware analysis and detection
dc.subject: sliding window
dc.subject: gabor filters
dc.subject: gabor features
dc.subject: machine learning
dc.title: Mining Android Bytecodes through the Eyes of Gabor Filters for Detecting Malware
dc.type: Article
