Defending Your Mobile Fortress: An In-Depth Look at on-Device Trojan Detection in Machine Learning: Systematic Literature Review

Authors

Lila Setiyani, Koo Tito Novelianto, Rusdianto Roestam, Sella Monica, Ayu Nur Indahsari, Amadeuz Ezrafel, Alinda Endang Poerwati, Yuliarman Saragih

DOI:

10.29303/jppipa.v9i7.4209

Published:

2023-07-25

Issue:

Vol. 9 No. 7 (2023): July

Keywords:

Machine Learning, on-device detection, PRISMA, Trojan

Review

How to Cite

Setiyani, L., Novelianto, K. T., Roestam, R., Monica, S., Indahsari, A. N., Ezrafel, A., … Saragih, Y. (2023). Defending Your Mobile Fortress: An In-Depth Look at on-Device Trojan Detection in Machine Learning: Systematic Literature Review. Jurnal Penelitian Pendidikan IPA, 9(7), 302–308. https://doi.org/10.29303/jppipa.v9i7.4209

Abstract

Mobile app trojans are becoming an increasingly serious threat to personal information security. They can cause severe damage by exposing sensitive and personally identifying information to malicious actors, so such attacks must be prevented. This paper's contribution is a comprehensive review of the attack vectors for trojan attacks, and of ways to eliminate the risks posed by those attack vectors and generate settlement automatically. In this study, we explore in detail how to detect trojan attacks and the approaches known in machine learning. The review of state-of-the-art methods is conducted using the preferred reporting items for reviews and meta-analyses (PRISMA) guidelines. We review literature from several publications and analyze the use of machine learning for on-device trojan detection. This review provides evidence for the effectiveness of machine learning in detecting such threats. The current trend shows that signature-based analysis using various metadata, such as permissions, intents, API and system calls, and network analysis, are capable of detecting trojan attacks before and after the initial infection.

Author Biographies

Lila Setiyani, Information Systems Study Program, STMIK ROSMA, Karawang, Indonesia

Koo Tito Novelianto, Information Study Program Informatics, Universitas President, Bekasi, Indonesia

Rusdianto Roestam, Information Study Program Informatics, Universitas President, Bekasi, Indonesia

Yuliarman Saragih, Electrical Engineering Study Program, Universitas Singaperbangsa, Karawang, Indonesia

License

Copyright (c) 2023 Lila Setiyani, Koo Tito Novelianto, Rusdianto Roestam, Sella Monica, Ayu Nur Indahsari, Amadeuz Ezrafel, Alinda Endang Poerwati, Yuliarman Saragih

This work is licensed under a Creative Commons Attribution 4.0 International License.
