Your search keyword '"Chen, Zhenxiang"' showing total 7 results

1. Android Malware Network Behavior Analysis at HTTP Protocol Packet Level

Author

Wang, Shanshan, Hou, Shifeng, Zhang, Lei, Chen, Zhenxiang, Han, Hongbo, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Wang, Guojin, editor, Zomaya, Albert, editor, Martinez, Gregorio, editor, and Li, Kenli, editor

Published

2015

2. Reconstruction of Android Applications’ Network Behavior Based on Application Layer Traffic

Author

Li, Qun, Zhang, Lei, Hou, Shifeng, Chen, Zhenxiang, Han, Hongbo, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Wang, Guojin, editor, Zomaya, Albert, editor, Martinez, Gregorio, editor, and Li, Kenli, editor

Published

2015

3. Effective detection of mobile malware behavior based on explainable deep neural network.

Author

Yan, Anli, Chen, Zhenxiang, Zhang, Haibo, Peng, Lizhi, Yan, Qiben, Hassan, Muhammad Umair, Zhao, Chuan, and Yang, Bo

Subjects

*TREES, *NEURAL circuitry, *PRIVACY, *MALWARE prevention, *MALWARE

Abstract

The rapid growth of the number of new mobile malware variants has posed a severe threat to user's property and privacy. Recent studies show that deep neural networks can detect malicious traffic with high accuracy. However, a deep neural network works like a black box in the sense that its structure doesn't give any insight on how it works. To overcome this drawback, we propose a method to extract rules from a deep neural network and then use the extracted rules to detect malicious network traffic. Specifically, for a trained deep neural network, we first construct one input-hidden tree per each hidden layer to represent the rules extracted between the input of the neural network and the output of that hidden layer. Then we construct one hidden-output tree to represent the rules extracted between the outputs of all hidden layers and the output of the neural network. Finally, these trees are merged to form one rule tree using the outputs of the hidden layers as a bridge. We have performed extensive experiments to verify the effectiveness of our method in terms of accuracy, precision, recall and F-Measure metrics by comparing it with other state-of-the-art methods. Experimental results show that our method achieves high accuracy using the packet size of only the first nine packets as a feature, which also gives good interpretability on how the deep neural network performs to detect malicious traffic. Besides, we design an online detection system based on FPGA to provide online detection in a high-speed network environment using rule tree, which reduces the difficulty of embedding a deep neural network into FPGA. [ABSTRACT FROM AUTHOR]

Published

2021

4. Deep and broad URL feature mining for android malware detection.

Author

Wang, Shanshan, Chen, Zhenxiang, Yan, Qiben, Ji, Ke, Peng, Lizhi, Yang, Bo, and Conti, Mauro

Subjects

*MALWARE, *PERSONAL property, *MOBILE health

Abstract

In recent years, the scale and diversity of malicious software on mobile networks have grown significantly, thereby causing considerable danger to users' property and personal privacy. In this study, we propose a malware detection method that uses the URLs visited by apps to identify malware. A multi-view neural network is used to create a malware detection model that emphasizes depth and width. This neural network can create multiple views of inputs automatically and distribute soft attention weights to focus on different features of inputs. Multiple views preserve rich semantic information from inputs for classification without requiring complicated feature engineering. In addition, we conduct comprehensive experiments to compare the proposed method with others and verify the validity of the detection model. The experimental results show that our method achieves robust and timely malware detection. It can not only effectively detect malware discovered in different months of a certain year, but also detect potentially malicious apps in the third-party app market. We also compare the detection results of the proposed method on wild apps with 10 popular anti-virus scanners, and the final result shows that our approach ranks second in terms of detection performance. [ABSTRACT FROM AUTHOR]

Published

2020

5. Detecting Android Malware Leveraging Text Semantics of Network Flows.

Author

Wang, Shanshan, Yan, Qiben, Chen, Zhenxiang, Yang, Bo, Zhao, Chuan, and Conti, Mauro

Abstract

The emergence of malicious apps poses a serious threat to the Android platform. Most types of mobile malware rely on network interface to coordinate operations, steal users’ private information, and launch attack activities. In this paper, we propose an effective and automatic malware detection method using the text semantics of network traffic. In particular, we consider each HTTP flow generated by mobile apps as a text document, which can be processed by natural language processing to extract text-level features. Then, we use the text semantic features of network traffic to develop an effective malware detection model. In an evaluation using 31 706 benign flows and 5258 malicious flows, our method outperforms the existing approaches, and gets an accuracy of 99.15%. We also conduct experiments to verify that the method is effective in detecting newly discovered malware, and requires only a few samples to achieve a good detection result. When the detection model is applied to the real environment to detect unknown applications in the wild, the experimental results show that our method performs significantly better than other popular anti-virus scanners with a detection rate of 54.81%. Our method also reveals certain malware types that can avoid the detection of anti-virus scanners. In addition, we design a detection system on encrypted traffic for bring-your-own-device enterprise network, home network, and 3G/4G mobile network. The detection model is integrated into the system to discover suspicious network behaviors. [ABSTRACT FROM PUBLISHER]

Published

2018

6. Machine learning based mobile malware detection using highly imbalanced network traffic.

Author

Chen, Zhenxiang, Yan, Qiben, Han, Hongbo, Wang, Shanshan, Peng, Lizhi, Wang, Lin, and Yang, Bo

Subjects

*MACHINE learning, *MALWARE, *SUPPORT vector machines, *INFORMATION processing, *FUZZY logic

Abstract

Abstract In recent years, the number and variety of malicious mobile apps have increased drastically, especially on Android platform, which brings insurmountable challenges for malicious app detection. Researchers endeavor to discover the traces of malicious apps using network traffic analysis. In this study, we combine network traffic analysis with machine learning methods to identify malicious network behavior, and eventually to detect malicious apps. However, most network traffic generated by malicious apps is benign, while only a small portion of traffic is malicious, leading to an imbalanced data problem when the traffic model skews towards modeling the benign traffic. To address this problem, we introduce imbalanced classification methods, including the synthetic minority oversampling technique (SMOTE) + support vector machine (SVM), SVM cost-sensitive (SVMCS), and C4.5 cost-sensitive (C4.5CS) methods. However, when the imbalance rate reaches a certain threshold, the performance of common imbalanced classification algorithms degrades significantly. To avoid performance degradation, we propose to use the imbalanced data gravitation-based classification (IDGC) algorithm to classify imbalanced data. Moreover, we develop a simplex imbalanced data gravitation classification (S-IDGC) model to further reduce the time costs of IDGC without sacrificing the classification performance. In addition, we propose a machine learning based comparative benchmark prototype system, which provides users with substantial autonomy, such as multiple choices of the desired classifiers or traffic features. Using this prototype system, users can compare the detection performance of different classification algorithms on the same data set, as well as the performance of a specific classification algorithm on multiple data sets. [ABSTRACT FROM AUTHOR]

Published

2018

7. Imbalanced learning based on adaptive weighting and Gaussian function synthesizing with an application on Android malware detection.

Author

Pang, Ying, Peng, Lizhi, Chen, Zhenxiang, Yang, Bo, and Zhang, Hongli

Subjects

*FEATURE selection, *ADAPTIVE computing systems, *GAUSSIAN function, *MALWARE

Abstract

Abstract The existence of imbalanced classes can considerably degrade the performance of most standard learning algorithms. This paper presents a new imbalanced learning method called AWGSENN to address this problem on data level. In AWGSENN, each minority instance is firstly weighted based on the number of majority class neighbors and the distance of the minority instance to its neighbors. Then, a Gaussian distribution probability density function is designed to generate new instances nonlinearly. Finally, the edited nearest neighbor rule is used as a data cleaning technique to remove overlapping and noisy instances. The proposed method is evaluated in extensive experiments by comparing it with five over-sampling and two hybrid sampling methods on 37 data sets from the KEEL data repository. Empirical study results show that our approach can achieve significant performance improvement on G-mean and the area under curve metrics. Wilcoxon signed-rank test results show that our approach is superior to other resampling approaches. We apply the proposed method for Android malware detection, and the results further demonstrate the promising performance of our approach. [ABSTRACT FROM AUTHOR]

Published

2019