06-09-2024

Cognitively Inspired Three-Way Decision Making and Bi-Level Evolutionary Optimization for Mobile Cybersecurity Threats Detection: A Case Study on Android Malware

Authors: Manel Jerbi, Zaineb Chelly Dagdia, Slim Bechikh, Lamjed Ben Said

Published in: Cognitive Computation

Abstract

Malicious apps use a variety of methods to spread infections, take over computers and/or IoT devices, and steal sensitive data. Several detection techniques have been proposed to counter these attacks. Despite the promising results of recent malware detection strategies, particularly those addressing evolving threats, inefficiencies persist because of potential inconsistency in both the artificially generated malware and the pre-specified detection rules, and because of their crisp decision-making process. In this paper, we propose to address these issues by (i) considering the detection rules generation process as a Bi-Level Optimization Problem, where a competition between two levels (an upper level and a lower one) produces a set of effective detection rules capable of detecting new variants of existing and even unseen malware patterns. This bi-level strategy is subtly inspired by natural evolutionary processes, where organisms adapt and evolve through continuous interaction and competition within their environments. Furthermore, (ii) we leverage the fundamentals of Rough Set Theory, which reflects cognitive decision-making processes, to assess the true nature of artificially generated malicious patterns. This involves retaining only the consistent malicious patterns and detection rules and categorizing these rules into a three-way decision framework comprising accept, abstain, and reject options. Our novel malware detection technique outperforms several state-of-the-art methods on various Android malware datasets, accurately predicting new apps with a 96.76% accuracy rate. Moreover, our approach is versatile and effective in detecting patterns applicable to a variety of cybersecurity threats.
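The abstract describes two ideas that are easy to show concretely: discarding inconsistent patterns (identical feature vectors that carry conflicting labels, i.e. the boundary region of a rough set) and sorting detection rules into accept, abstain and reject. The following is an added illustration written for this page, not the authors' implementation. It assumes a constructed sample of seven labelled apps described by three binary features (SEND_SMS, READ_CONTACTS, INTERNET), rules expressed as conjunctions of feature conditions, and the thresholds alpha and beta of a probabilistic three-way decision; setting alpha=1.0 and beta=0.0 reduces the decision to the classical lower/upper approximation.

```python
"""Rough-set consistency filtering and three-way decision over detection rules.
Added example; data, rule format and thresholds are constructed assumptions."""

from typing import Dict, List, Optional, Set, Tuple

FEATURES = ("SEND_SMS", "READ_CONTACTS", "INTERNET")

# Constructed sample of labelled apps: one binary value per feature, then the label.
APPS: List[Tuple[Tuple[int, int, int], str]] = [
    ((1, 1, 1), "malware"),
    ((1, 1, 1), "malware"),
    ((1, 0, 1), "malware"),
    ((1, 0, 1), "benign"),   # same pattern as the row above, different label: inconsistent
    ((0, 1, 1), "benign"),
    ((0, 0, 1), "benign"),
    ((0, 0, 0), "benign"),
]

# A rule is a conjunction of required feature values, e.g. {"SEND_SMS": 1, "READ_CONTACTS": 1}.
Rule = Dict[str, int]


def matches(rule: Rule, feats: Tuple[int, ...]) -> bool:
    """True when the app's feature vector satisfies every condition of the rule."""
    return all(feats[FEATURES.index(name)] == value for name, value in rule.items())


def consistent_patterns(apps) -> Set[Tuple[int, ...]]:
    """Equivalence classes (identical feature vectors) that carry a single label.
    Classes with conflicting labels form the boundary region and are dropped,
    mirroring the 'retain only consistent patterns' step of the abstract."""
    labels: Dict[Tuple[int, ...], Set[str]] = {}
    for feats, label in apps:
        labels.setdefault(feats, set()).add(label)
    return {feats for feats, seen in labels.items() if len(seen) == 1}


def malware_probability(rule: Rule, apps) -> Optional[float]:
    """Conditional probability of 'malware' among the apps the rule covers;
    None when the rule covers no known app (no evidence either way)."""
    covered = [label for feats, label in apps if matches(rule, feats)]
    if not covered:
        return None
    return sum(label == "malware" for label in covered) / len(covered)


def three_way_decision(rule: Rule, apps, alpha: float = 0.8, beta: float = 0.2) -> str:
    """Accept when P(malware | rule) >= alpha, reject when <= beta, abstain between
    (and when there is no evidence). alpha=1.0, beta=0.0 is the classical rough-set
    lower/upper approximation: accept only pure-malware coverage, reject only pure-benign."""
    p = malware_probability(rule, apps)
    if p is None:
        return "abstain"
    if p >= alpha:
        return "accept"
    if p <= beta:
        return "reject"
    return "abstain"


def triage(app_feats: Tuple[int, ...], rules: List[Rule], apps,
           alpha: float = 0.8, beta: float = 0.2) -> str:
    """Defender-side use of the three regions: an accepted rule flags the app,
    an abstaining rule routes it to manual review, rejected rules never fire."""
    decisions = [three_way_decision(r, apps, alpha, beta)
                 for r in rules if matches(r, app_feats)]
    if "accept" in decisions:
        return "flag"
    if "abstain" in decisions:
        return "review"
    return "allow"


if __name__ == "__main__":
    rules = [{"SEND_SMS": 1, "READ_CONTACTS": 1}, {"SEND_SMS": 1},
             {"INTERNET": 1}, {"SEND_SMS": 0}]
    for r in rules:
        print(r, malware_probability(r, APPS), three_way_decision(r, APPS))
    print("consistent:", sorted(consistent_patterns(APPS)))
    print("triage (1,1,0):", triage((1, 1, 0), rules, APPS))
```

The rule `{"SEND_SMS": 1}` covers three malware apps and one benign app, so it lands in the abstain region at the default thresholds and would only be accepted if alpha were lowered to 0.75 or below; the pattern (1, 0, 1) that causes this is exactly the inconsistent class that `consistent_patterns` filters out.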


Metadata
Title
Cognitively Inspired Three-Way Decision Making and Bi-Level Evolutionary Optimization for Mobile Cybersecurity Threats Detection: A Case Study on Android Malware
Authors
Manel Jerbi
Zaineb Chelly Dagdia
Slim Bechikh
Lamjed Ben Said
Publication date
06-09-2024
Publisher
Springer US
Published in
Cognitive Computation
Print ISSN: 1866-9956
Electronic ISSN: 1866-9964
DOI
https://doi.org/10.1007/s12559-024-10337-6