DroidOL: Those who follow online security news will know that criminals are constantly becoming more inventive, developing new tools and discovering new attack methods to slip past conventional security solutions unnoticed. A team of researchers from Nanyang Technological University in Singapore has created a new large-scale solution for detecting malicious software on Android.
It is called DroidOL, and is a customized and extensible malware detection framework based on online learning.
Let's see how the DroidOL framework helps improve the detection of Android malware.
“DroidOL achieves superior accuracy by extracting high-quality features from applications' inter-procedural control-flow graphs (ICFGs), which are known to appear very strongly during the various obfuscation techniques that are used by malware”, the researchers explain.
The researchers used the Weisfeiler-Lehman (WL) graph kernel to extract semantic features from the ICFGs, and then online learning to distinguish between benign and malicious applications.
The model is continually retrained, and ultimately, it performs significantly better than the engineering-based learning techniques that dominate various platforms (including Android OS).
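The pipeline described above, as an added sketch that is not DroidOL's or the researchers' code: WL relabeling turns a control-flow graph into features, and a perceptron stands in for the online learner, which the article does not name. The toy graphs, their node labels and all helper names are constructed for illustration.

```python
from collections import Counter, defaultdict

def wl_features(nodes, edges, rounds=2):
    """Bag of Weisfeiler-Lehman labels: each round, a node's label absorbs
    the sorted labels of its successors, so features encode call structure."""
    succ = defaultdict(list)
    for src, dst in edges:
        succ[src].append(dst)
    labels = dict(nodes)                      # node id -> initial label
    feats = Counter(labels.values())
    for _ in range(rounds):
        labels = {n: f"{lab}({','.join(sorted(labels[m] for m in succ[n]))})"
                  for n, lab in labels.items()}
        feats.update(labels.values())
    return feats

class OnlinePerceptron:
    """Stand-in online learner (assumption): updated per sample, only on errors."""
    def __init__(self):
        self.w = {}

    def predict(self, feats):
        score = sum(self.w.get(f, 0.0) * v for f, v in feats.items())
        return 1 if score > 0 else -1

    def learn(self, feats, label):
        guess = self.predict(feats)           # predict before seeing the label
        if guess != label:
            for f, v in feats.items():
                self.w[f] = self.w.get(f, 0.0) + label * v
        return guess

def chain(ids, labels):
    """Constructed toy ICFG: a straight-line chain of labelled nodes."""
    return list(zip(ids, labels)), list(zip(ids, ids[1:]))

# Constructed samples: +1 = malicious, -1 = benign. Labels are made-up API classes.
SAMPLES = [(("entry", "ui", "net"), -1), (("entry", "sms", "net"), 1),
           (("entry", "ui", "file"), -1), (("entry", "sms", "file"), 1)]

def run_stream(passes=2):
    model, mistakes = OnlinePerceptron(), 0
    for labels, y in SAMPLES * passes:        # apps arrive one by one
        mistakes += model.learn(wl_features(*chain("abc", labels)), y) != y
    return model, mistakes

if __name__ == "__main__":
    model, mistakes = run_stream()
    renamed = wl_features(*chain("xyz", ("entry", "sms", "net")))
    print(mistakes, model.predict(renamed))
```

Because the features are built from node labels and edge structure, renaming the node identifiers (`abc` to `xyz`) leaves the feature bag, and therefore the verdict, unchanged.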
“In a large-scale benchmarking with more than 87,000 applications, DroidOL achieves an accuracy of 84.29%, surpassing two state-of-the-art malware techniques by more than 20% in a standard learning environment and over 3% when it is constantly being trained,” the researchers note.
More details about DroidOL can be found at the following link: