Android Malware Detection Using Machine Learning: Data-Driven Fingerprinting and Threat Intelligence

Karbab, Elmouatez Billah, Debbabi, Mourad, Derhab, Abdelouahid

  • Publisher: Springer
  • Publication date: 2021-07-11
  • List price: $7,870
  • VIP price: $7,477 (9.5 折, i.e. 5% off)
  • Language: English
  • Pages: 202
  • Binding: Hardcover - also called cloth, retail trade, or trade
  • ISBN: 3030746631
  • ISBN-13: 9783030746636
  • Related categories: Android, Machine Learning
  • Overseas-sourced title (must be checked out separately)


In this book the authors develop a malware fingerprinting framework for accurate Android malware detection and family attribution. They emphasize three properties: (1) scalability over a large malware corpus; (2) resiliency to common obfuscation techniques; (3) portability across different platforms and architectures.
First, the authors propose an approximate fingerprinting technique for Android packages that captures the underlying static structure of Android applications, aimed at bulk, offline detection at the app-market level. On top of this fingerprinting technique, the book proposes a malware clustering framework that builds and partitions a similarity network of malicious applications. Second, the authors propose an approximate fingerprinting technique that leverages dynamic analysis and natural language processing to generate Android malware behavior reports; based on it, they propose a portable malware detection framework that employs machine learning classification. Third, the authors design an automatic framework to produce intelligence about the malicious cyber-infrastructures behind Android malware, and then apply graph analysis techniques to generate intelligence that identifies the threat effects of malicious Internet activity associated with Android malware.
The authors also elaborate an effective Android malware detection system for online detection at the mobile-device level. It is suitable for deployment on mobile devices, using machine learning classification over method call sequences. It is resilient to common code obfuscation techniques and adapts to changes in the operating system and in malware over time, using natural language processing and deep learning techniques.
Researchers working in mobile and network security, machine learning, and pattern recognition will find this book useful as a reference. Advanced-level students studying computer science within these topic areas will purchase this book as well.

Dr. ElMouatez Billah Karbab is a researcher at Concordia University, Montreal, Canada. His research focuses on applying machine learning techniques to malware fingerprinting and to mobile and IoT security. He is a research scientist at the National Cyber Forensic and Training Alliance (NCFTA) of Canada, an international organization that focuses on the investigation of cyber-crimes, and also serves as a data scientist and cyber-security specialist at NCFTA Canada. He previously served as an associate researcher at the Research Centre for Scientific and Technical Information (CERIST), Algeria, where he worked on international projects in collaboration with the University of Cape Town, South Africa, and the Heudiasyc Lab, France. ElMouatez has published many peer-reviewed research articles in international journals and conferences on malware fingerprinting using machine learning techniques, cyber security, and embedded systems.
Mourad Debbabi is Professor at the Concordia Institute for Information Systems Engineering and Interim Dean of the Gina Cody School of Engineering and Computer Science. He holds the NSERC/Hydro-Quebec Thales Senior Industrial Research Chair in Smart Grid Security. He is a member of the Cybersecurity Advisory Board to the Minister of Digital Transformation and a member of the Advisory Board of the Cybercrime Council. He serves or has served on the boards of the Canadian Police College, PROMPT Québec and Calcul Québec. He is the founder and Director of the Security Research Centre at Concordia University. Dr. Debbabi holds Ph.D. and M.Sc. degrees in computer science from Université Paris-XI Orsay, France, and an Engineering degree from Université de Constantine. He has published 6 books and more than 300 peer-reviewed research articles in international journals and conferences on cyber security, cyber forensics, smart grids, privacy, cryptographic protocols, threat intelligence generation, malware analysis, reverse engineering, specification and verification of safety-critical systems, programming languages and type theory. He has supervised to successful completion 33 Ph.D. students, 76 Master's students and 14 Postdoctoral Fellows. He served as a Senior Scientist at the Panasonic Information and Network Technologies Laboratory, Princeton, New Jersey, USA; Associate Professor at the Computer Science Department of Laval University, Canada; Senior Scientist at the General Electric Research Center, New York, USA; Research Associate at the Computer Science Department of Stanford University, California, USA; and Permanent Researcher at the Bull Corporate Research Center, Paris, France.
Dr. Abdelouahid Derhab received the Engineer's, M.Sc. and Ph.D. degrees in computer science from the University of Sciences and Technology Houari Boumediene (USTHB), Algiers, in 2001, 2003 and 2007 respectively. He was a full-time researcher at the CERIST research center in Algeria from 2002 to 2012 and an Assistant Professor at King Saud University from 2012 to 2018. He is currently an Associate Professor at the Center of Excellence in Information Assurance (COEIA), King Saud University. He has served as lead guest editor of several peer-reviewed journals, and as workshop chair, technical committee chair and reviewer for many journals and international conferences. He is the author of more than 100 papers in peer-reviewed journals, conferences and book chapters. He is also a cyber security policy analyst at the Global Foundation for Cyber Studies and Research (GFCYBER). His research interests are malware analysis, network security, intrusion detection, mobile security, Internet of Things, smart grid, blockchain, and cyber security policies.
Dr. Djedjiga Mouheb is an Assistant Professor in the Department of Computer Science, College of Computing and Informatics, University of Sharjah, UAE, and a member of the University's Information and Network Security Research Group. Her research interests include social networking security, social bots, malware analysis, software fingerprinting, investigation of cyber-threat infrastructures, and software security. Before joining the University of Sharjah, she was a Postdoctoral Fellow at Concordia University, Montreal, Canada, and a member of the National Cyber Forensics and Training Alliance (NCFTA) Canada. She holds a Ph.D. in Computer Science from Concordia University, Montreal, Canada, a Master's degree from École des Mines de Paris, France, and a Bachelor's degree from the Institut National d'Informatique (INI), Algeria.