An Improved Pre-Exploitation Detection Model for Android Malware Attacks

Bibliographic Details
Published in: Engineering, technology & applied science research Vol. 14; no. 5; pp. 16252 - 16259
Main Authors: Al Besher, Hamad Saleh; Bin Rohani, Mohd Fo’ad; Saleh Al-rimy, Bander Ali
Format: Journal Article
Language: English
Published: 09.10.2024
Summary: This paper presents an innovative approach to the early detection of Android malware, focusing on a dynamic pre-exploitation phase identification system. Traditional methods often rely on static thresholding to delineate the pre-exploitation phase of malware attacks, which can be insufficient due to the diverse behaviors exhibited by various malware families. This study introduces the Dynamic Pre-exploitation Boundary Definition and Feature Extraction (DPED-FE) system to address these limitations, which utilizes entropy for change detection, thus enabling more accurate and timely identification of potential threats before they reach the exploitation phase. A comprehensive analysis of the system's methodology is provided, including the use of vector space models with Kullback-Leibler divergence for dynamic boundary detection and advanced feature extraction techniques such as Weighted Term Frequency-Inverse Document Frequency (WF-IDF) to enhance its predictive capabilities. The experimental results demonstrate the superior performance of DPED-FE compared to traditional methods, highlighting its effectiveness in real-world scenarios.
ISSN: 2241-4487, 1792-8036
DOI: 10.48084/etasr.7661