Android Malware Detection Using Parallel Machine Learning Classifiers

Mobile malware has continued to grow at an alarming rate despite on-going mitigation efforts. This has been much more prevalent on Android due to being an open platform that is rapidly overtaking other competing platforms in the mobile smart devices market. Recently, a new generation of Android malware families has emerged with advanced evasion capabilities which make them much more difficult to detect using conventional methods. This paper proposes and investigates a parallel machine learning based classification approach for early detection of Android malware. Using real malware samples and benign applications, a composite classification model is developed from parallel combination of heterogeneous classifiers. The empirical evaluation of the model under different combination schemes demonstrates its efficacy and potential to improve detection accuracy. More importantly, by utilizing several classifiers with diverse characteristics, their strengths can be harnessed not only for enhanced Android malware detection but also quicker white box analysis by means of the more interpretable constituent classifiers.

A New Android Malware Detection Method Using Bayesian Classification

Mobile malware has been growing in scale and complexity as smartphone usage continues to rise. Android has surpassed other mobile platforms as the most popular whilst also witnessing a dramatic increase in malware targeting the platform. A worrying trend that is emerging is the increasing sophistication of Android malware to evade detection by traditional signature-based scanners. As such, Android app marketplaces remain at risk of hosting malicious apps that could evade detection before being downloaded by unsuspecting users. Hence, in this paper we present an effective approach to alleviate this problem based on Bayesian classification models obtained from static code analysis. The models are built from a collection of code and app characteristics that provide indicators of potential malicious activities. The models are evaluated with real malware samples in the wild and results of experiments are presented to demonstrate the effectiveness of the proposed approach.

Sustainable binders for concrete: a structured approach from waste screening to binder composition development

Worldwide, the building sector requires the production of 4 billion tonnes of cement annually, consuming more than 40% of global energy. Alkali activated “cementless” binders have recently emerged as a novel eco-friendly construction material with a promising potential to replace ordinary Portland cement. These binders consist of a class of inorganic polymer formed mainly by the reaction between an alkaline solution and an aluminosilicate source. Precursor materials for this reaction can be found in secondary material streams from different industrial sectors, from energy to agro-alimentary. However, the suitability of these materials in developing the polymerisation reaction must be assessed through a detailed chemical and physical characterisation, ensuring the availability of required chemical species in the appropriate quantity and physical state. Furthermore, the binder composition needs to be defined in terms of proper alkali activation dosages, water content in the mix, and curing conditions. The mix design must satisfy mechanical requirements and compliance to desired engineering properties (workability, setting time) for ensuring the suitability of the binder in replacing Portland cement in concrete applications. This paper offers a structured approach for the development of secondary material-based binders, from their identification to mix design and production procedure development. Essential features of precursor material can be determined through chemical and physical characterisation methods and advanced microscope techniques. Important mixing parameters and binder properties requirements are examined and some examples of developed binders are reported.

High accuracy android malware detection using ensemble learning

With over 50 billion downloads and more than 1.3 million apps in Google’s official market, Android has continued to gain popularity amongst smartphone users worldwide. At the same time there has been a rise in malware targeting the platform, with more recent strains employing highly sophisticated detection avoidance techniques. As traditional signature based methods become less potent in detecting unknown malware, alternatives are needed for timely zero-day discovery. Thus this paper proposes an approach that utilizes ensemble learning for Android malware detection. It combines advantages of static analysis with the efficiency and performance of ensemble machine learning to improve Android malware detection accuracy. The machine learning models are built using a large repository of malware samples and benign apps from a leading antivirus vendor. Experimental results and analysis presented shows that the proposed method which uses a large feature space to leverage the power of ensemble learning is capable of 97.3 % to 99% detection accuracy with very low false positive rates.

Android Malware Detection: an Eigenspace Analysis Approach

The battle to mitigate Android malware has become more critical with the emergence of new strains incorporating increasingly sophisticated evasion techniques, in turn necessitating more advanced detection capabilities. Hence, in this paper we propose and evaluate a machine learning based approach based on eigenspace analysis for Android malware detection using features derived from static analysis characterization of Android applications. Empirical evaluation with a dataset of real malware and benign samples show that detection rate of over 96% with a very low false positive rate is achievable using the proposed method.

Towards automated Android app collusion detection

Android OS supports multiple communication methods between apps. This opens the possibility to carry out threats in a collaborative fashion, c.f. the Soundcomber example from 2011. In this paper we provide a concise definition of collusion and report on a number of automated detection approaches, developed in co-operation with Intel Security.

N-opcode analysis for android malware classification and categorization

Malware detection is a growing problem particularly on the Android mobile platform due to its increasing popularity and accessibility to numerous third party app markets. This has also been made worse by the increasingly sophisticated detection avoidance techniques employed by emerging malware families. This calls for more effective techniques for detection and classification of Android malware. Hence, in this paper we present an n-opcode analysis based approach that utilizes machine learning to classify and categorize Android malware. This approach enables automated feature discovery that eliminates the need for applying expert or domain knowledge to define the needed features. Our experiments on 2520 samples that were performed using up to 10-gram opcode features showed that an f-measure of 98% is achievable using this approach.

Dynalog: an automated dynamic analysis framework for characterizing android applications

Android is becoming ubiquitous and currently has the largest share of the mobile OS market with billions of application downloads from the official app market. It has also become the platform most targeted by mobile malware that are becoming more sophisticated to evade state-of-the-art detection approaches. Many Android malware families employ obfuscation techniques in order to avoid detection and this may defeat static analysis based approaches. Dynamic analysis on the other hand may be used to overcome this limitation. Hence in this paper we propose DynaLog, a dynamic analysis based framework for characterizing Android applications. The framework provides the capability to analyse the behaviour of applications based on an extensive number of dynamic features. It provides an automated platform for mass analysis and characterization of apps that is useful for quickly identifying and isolating malicious applications. The DynaLog framework leverages existing open source tools to extract and log high level behaviours, API calls, and critical events that can be used to explore the characteristics of an application, thus providing an extensible dynamic analysis platform for detecting Android malware. DynaLog is evaluated using real malware samples and clean applications demonstrating its capabilities for effective analysis and detection of malicious applications.

Influence of process parameters on fluidised hot-melt granulation and tablet pressing of pharmaceutical powders

This study investigates the influence of process parameters on the fluidised hot melt granulation of lactose and PEG 6000, and the subsequent tablet pressing of the granules. Granulation experiments were performed to assess the effect of granulation time and binder content of the feed on the resulting granule properties such as mass mean granule size, size distribution, granule fracture stress, and granule porosity. These data were correlated using the granule growth regime model. It was found that the dominant granule growth mechanisms in this melt granulation system were nucleation followed by steady growth (PEG 10–20% w/w). However, with binder contents greater than 20% w/w, the granulation mechanism moved to the “over-wet massing” regime in which discrete granule formation could not be obtained. The granules produced in the melt fluidised bed process were subsequently pressed into tablets using an industrial tablet press. The physical properties of the tablets: fracture stress, disintegration time and friability were assessed using industry standards. These analyses indicated that particle size and binder content of the initial granules influenced the mechanical properties of the tablets. It was noted that a decrease in initial granule size resulted in an increase in the fracture stress of the tablets formed.

Cybr, a cytokine-inducible protein that binds cytohesin-1 and regulates its activity

Cytokines regulate lymphocyte development and differentiation, but precisely how they control these processes is still poorly understood. By using microarray technology to detect cytokine-induced genes, we identified a cDNA encoding Cybr, which was increased markedly in cells incubated with IL-2 and IL-12. The mRNA was most abundant in hematopoietic cells and tissues. The predicted amino acid sequence is similar to that of GRP-1-associated protein (GRASP), a recently identified retinoic acid-induced cytohesin-binding protein. Physical interaction, dependent on the coiled-coil domains of Cybr and cytohesin-1, was demonstrated by coimmunoprecipitation of the overexpressed proteins from 293T cells. Cytohesin-1, in addition to its role in cell adhesion, is a guanine nucleotide-exchange protein activator of ARF GTPases. Acceleration of guanosine 5'-O-(thiotriphosphate) binding to ARF by cytohesin-1 in vitro was enhanced by Cybr. Because the binding protein modified activation of ADP ribosylation factor by cytohesin-1, we designate this cytokine-inducible protein Cybr (cytohesin binder and regulator).

Co-melt fluidised bed granulation of pharmaceutical powders: Improvements in drug bioavailability

This study investigates the use of co-melt fluidised bed granulation for the agglomeration of model pharmaceutical powders, namely, lactose mono-hydrate, PEG 10000, poly-vinyl pyrolidone and ibuprofen as a model drug. Granulation within the co-melt system was found to follow a nucleationâ??steady growthâ??coating regime profile. Using high molecular weight PEG binder, the granulation mechanism and thus the extent of granulation was found to be significantly influenced by binder viscosity. The compression properties of the granulate within the hot fluidised bed were correlated using a novel high temperature experimental procedure. It was found that the fracture stress and fractural modulus of the materials under hot processing conditions were orders of magnitude lower than those measured under ambient conditions. A range of particle velocities within the granulator were considered based on theoretical models. After an initial period of nucleation, the Stokes deformation number analysis indicated that only velocities within the high shear region of the fluidised bed were sufficient to promote significant granule deformation and therefore, coalescence. The data also indicated that larger granules de-fluidised preventing agglomeration by coalescence. Furthermore, experimental data indicated that dissipation of the viscous molten binder to the surface was the most important factor in the latter stages of the granulation process. From a pharmaceutical perspective the inclusion of the model drug, ibuprofen, combined with PVP in the co-melt process proved to be highly significant. It was found that using DSC analysis on the formulations that the decrease in the heat of fusion associated with the melting of ibuprofen within the FHMG systems may be attributed to interaction between PVP and ibuprofen through inter-molecular hydrogen bonding. This interaction decreases the crystallinity of ibuprofen and facilitates solubilisation and bioavailability within the solid matrix.

Filling Ability and Passing Ability of Self-Consolidating Concrete

This paper reviews statistical models obtained from a composite factorial design study, which was carried out to determine the influence of three key parameters of mixture composition on filling ability and passing ability of self-consolidating concrete (SCC). This study was a part of the European project “Testing SCC”- GRD2-2000-30024. The parameters considered in this study were the dosages of water and high-range water-reducing admixture (HRWRA), and the volume of coarse aggregates. The responses of the derived statistical models were slump flow, T50 , T60, V-funnel flow time, Orimet flow time, and blocking ratio (L-box). The retention of these tests was also measured at 30 and 60 minutes after adding the first water. The models are valid for mixtures made with 188 to 208 L/m3 (317 to 350 lb/yd3) of water, 3.8 to 5.8 kg/m3 (570 to 970 mL/100 kg of binder) of HRWRA, and 220 to 360 L/m3 (5.97 to 9.76 ft3/yd3) of coarse aggregates. The utility of such models to optimize concrete mixtures and to achieve a good balance between filling ability and passing ability is discussed. Examples highlighting the usefulness of the models are presented using isoresponse surfaces to demonstrate single and coupled effects of mixture parameters on slump flow, T50 , T60 , V-funnel flow time, Orimet flow time, and blocking ratio. The paper also illustrates the various trade-offs between the mixture parameters on the derived responses that affected the filling and the passing ability.