An Improved Pre-Exploitation Detection Model for Android Malware Attacks

This paper presents an innovative approach to the early detection of Android malware, focusing on a dynamic pre-exploitation phase identification system. Traditional methods often rely on static thresholding to delineate the pre-exploitation phase of malware attacks, which can be insufficient due to...

Bibliographic Details
Published in Engineering, technology & applied science research Vol. 14; no. 5; pp. 16252 - 16259
Main Authors Al Besher, Hamad Saleh; Bin Rohani, Mohd Fo’ad; Saleh Al-rimy, Bander Ali
Format Journal Article
Language English
Published 09.10.2024

Abstract This paper presents an innovative approach to the early detection of Android malware, focusing on a dynamic pre-exploitation phase identification system. Traditional methods often rely on static thresholding to delineate the pre-exploitation phase of malware attacks, which can be insufficient due to the diverse behaviors exhibited by various malware families. This study introduces the Dynamic Pre-exploitation Boundary Definition and Feature Extraction (DPED-FE) system to address these limitations, which utilizes entropy for change detection, thus enabling more accurate and timely identification of potential threats before they reach the exploitation phase. A comprehensive analysis of the system's methodology is provided, including the use of vector space models with Kullback-Leibler divergence for dynamic boundary detection and advanced feature extraction techniques such as Weighted Term Frequency-Inverse Document Frequency (WF-IDF) to enhance its predictive capabilities. The experimental results demonstrate the superior performance of DPED-FE compared to traditional methods, highlighting its effectiveness in real-world scenarios.
DOI 10.48084/etasr.7661
Discipline Engineering
EISSN 1792-8036
ISSN 2241-4487
IsDoiOpenAccess false
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
License https://creativecommons.org/licenses/by/4.0
OpenAccessLink https://etasr.com/index.php/ETASR/article/download/7661/3966
PageCount 8
PublicationDate 2024-10-09