
06.09.2024

Cognitively Inspired Three-Way Decision Making and Bi-Level Evolutionary Optimization for Mobile Cybersecurity Threats Detection: A Case Study on Android Malware

Written by: Manel Jerbi, Zaineb Chelly Dagdia, Slim Bechikh, Lamjed Ben Said

Published in: Cognitive Computation


Abstract

Malicious apps use a variety of methods to spread infections, take over computers and/or IoT devices, and steal sensitive data. Several detection techniques have been proposed to counter these attacks. Despite the promising results of recent malware detection strategies, particularly those addressing evolving threats, inefficiencies persist due to potential inconsistency in both the generated malicious patterns and the pre-specified detection rules, as well as their crisp decision-making process. In this paper, we propose to address these issues by (i) considering the detection rules generation process as a Bi-Level Optimization Problem, where a competition between two levels (an upper level and a lower one) produces a set of effective detection rules capable of detecting new variants of existing and even unseen malware patterns. This bi-level strategy is subtly inspired by natural evolutionary processes, where organisms adapt and evolve through continuous interaction and competition within their environments. Furthermore, (ii) we leverage the fundamentals of Rough Set Theory, which reflects cognitive decision-making processes, to assess the true nature of artificially generated malicious patterns. This involves retaining only the consistent malicious patterns and detection rules and categorizing these rules into a three-way decision framework comprising accept, abstain, and reject options. Our novel malware detection technique outperforms several state-of-the-art methods on various Android malware datasets, accurately predicting new apps with a 96.76% accuracy rate. Moreover, our approach is versatile and effective in detecting patterns applicable to a variety of cybersecurity threats.
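The rough-set three-way decision the abstract describes, as an added illustration that is not code from the paper: apps are grouped by the indiscernibility relation over a chosen set of permission attributes, and each pattern is placed in the accept region (lower approximation of the malicious set), the reject region (outside its upper approximation), or the abstain/boundary region. Only accepted patterns survive as "consistent" malicious patterns. The permission names, the sample apps and the optional alpha/beta thresholds (the variable-precision generalization, with alpha=1, beta=0 recovering classical rough sets) are assumptions of this example, not values from the paper.

```python
from collections import defaultdict

# Constructed sample (not data from the paper): each app is described
# by Android permission flags (1 = requested) plus its known label.
FEATURES = ("SEND_SMS", "READ_CONTACTS", "INTERNET", "ACCESS_FINE_LOCATION")
APPS = [
    # (app id, feature vector, is_malicious)
    ("app01", (1, 1, 1, 0), True),
    ("app02", (1, 1, 1, 0), True),
    ("app03", (1, 0, 1, 1), True),
    ("app04", (1, 0, 1, 1), False),  # indiscernible from app03: inconsistent
    ("app05", (0, 0, 1, 0), False),
    ("app06", (0, 0, 1, 0), False),
    ("app07", (0, 1, 1, 1), False),
    ("app08", (0, 1, 1, 1), True),
    ("app09", (0, 1, 1, 1), True),
]

def equivalence_classes(apps, attrs):
    """Indiscernibility relation: group apps that agree on `attrs`."""
    idx = [FEATURES.index(a) for a in attrs]
    classes = defaultdict(list)
    for app_id, vec, malicious in apps:
        classes[tuple(vec[i] for i in idx)].append((app_id, malicious))
    return classes

def three_way_regions(apps, attrs, alpha=1.0, beta=0.0):
    """Assign every observed pattern to accept / abstain / reject.

    p = P(malicious | pattern). With the classical thresholds
    alpha=1, beta=0: accept = lower approximation of the malicious set,
    reject = complement of its upper approximation, abstain = boundary.
    Lower alpha / higher beta give the variable-precision variant.
    """
    regions = {}
    for pattern, members in equivalence_classes(apps, attrs).items():
        p = sum(1 for _, malicious in members if malicious) / len(members)
        if p >= alpha:
            regions[pattern] = "accept"
        elif p <= beta:
            regions[pattern] = "reject"
        else:
            regions[pattern] = "abstain"
    return regions

def consistent_malicious_patterns(apps, attrs, alpha=1.0, beta=0.0):
    """Accepted patterns only (for alpha=1: never shared with a benign app)."""
    regions = three_way_regions(apps, attrs, alpha, beta)
    return sorted(k for k, r in regions.items() if r == "accept")

def classify(pattern, regions):
    """Decide for a new app; a pattern never seen in training abstains too."""
    return regions.get(pattern, "abstain")
```

Restricting `attrs` to a single permission shows why crisp rules are fragile: the coarser partition pushes almost every pattern into the boundary region until the thresholds are relaxed.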


Metadata
Title
Cognitively Inspired Three-Way Decision Making and Bi-Level Evolutionary Optimization for Mobile Cybersecurity Threats Detection: A Case Study on Android Malware
Written by
Manel Jerbi
Zaineb Chelly Dagdia
Slim Bechikh
Lamjed Ben Said
Publication date
06.09.2024
Publisher
Springer US
Published in
Cognitive Computation
Print ISSN: 1866-9956
Electronic ISSN: 1866-9964
DOI
https://doi.org/10.1007/s12559-024-10337-6
