Android malware is a growing threat, coinciding with the increasing adoption of the Android platform. Malware detection methods used to maintain user privacy and system integrity are increasingly becoming the subject of research. Many new methods studied employ learning algorithms to detect malicious programs. This study investigates the use of byte and opcode frequency features as inputs for tree-based machine learning methods. The algorithm is optimized to reduce overfitting given input hyperparameter combinations and is tuned using cross-validation procedures. Lastly, the study deliberates on possible avenues for future research to gather more concrete evidence for the efficacy and cost-effectiveness of such a system in a productive environment, emphasizing the need for more strenuous testing processes.

This book captures the state of the art research in the area of malicious code detection, prevention and mitigation. It contains cutting-edge behavior-based techniques to analyze and detect obfuscated malware. The book analyzes current trends in malware activity online, including botnets and malicious code for profit, and it proposes effective models for detection and prevention of attacks using. Furthermore, the book introduces novel techniques for creating services that protect their own integrity and safety, plus the data they manage.

The authors develop a malware fingerprinting framework to cover accurate android malware detection and family attribution in this book. The authors emphasize the following: (1) the scalability over a large malware corpus; (2) the resiliency to common obfuscation techniques; (3) the portability over different platforms and architectures. First, the authors propose an approximate fingerprinting technique for android packaging that captures the underlying static structure of the android applications in the context of bulk and offline detection at the app-market level. This book proposes a malware clustering framework to perform malware clustering by building and partitioning the similarity network of malicious applications on top of this fingerprinting technique. Second, the authors propose an approximate fingerprinting technique that leverages dynamic analysis and natural language processing techniques to generate Android malware behavior reports. Based on this fingerprinting technique, the authors propose a portable malware detection framework employing machine learning classification. Third, the authors design an automatic framework to produce intelligence about the underlying malicious cyber-infrastructures of Android malware. The authors then leverage graph analysis techniques to generate relevant intelligence to identify the threat effects of malicious Internet activity associated with android malware. The authors elaborate on an effective android malware detection system, in the online detection context at the mobile device level. It is suitable for deployment on mobile devices, using machine learning classification on method call sequences. Also, it is resilient to common code obfuscation techniques and adaptive to operating systems and malware change overtime, using natural language processing and deep learning techniques. Researchers working in mobile and network security, machine learning and pattern recognition will find this book useful as a reference. Advanced-level students studying computer science within these topic areas will purchase this book as well.

Mobile devices, such as smart phones, have achieved computing and networking capabilities comparable to traditional personal computers. Their successful consumerization has also become a source of pain for adopting users and organizations. In particular, the widespread presence of information-stealing applications and other types of mobile malware raises substantial security and privacy concerns. Android Malware presents a systematic view on state-of-the-art mobile malware that targets the popular Android mobile platform. Covering key topics like the Android malware history, malware behavior and classification, as well as, possible defense techniques.

The rapid growth and development of Android-based devices has resulted in a wealth of sensitive information on mobile devices that offer minimal malware protection. This has created an immediate need for security professionals that understand how to best approach the subject of Android malware threats and analysis.In Android Malware and Analysis, K

Android is the most popular mobile operating system with a market share of over 80%. Due to its popularity and also its open source nature, Android is now the platform most targeted by malware, creating an urgent need for effective defense mechanisms to protect Android-enabled devices. In this dissertation, we present a novel characterization and machine learning method for Android malware classification. We first present a method of dynamically analyzing and classifying Android applications as either malicious or benign based on their execution behaviors. We invent novel graph-based methods of characterizing an application's execution behavior that are inspired by traditional vector-based characterization methods. We show evidence that our graph-based techniques are superior to vector-based techniques for the problem of classifying malicious and benign applications. We also augment our dynamic analysis characterization method with a static analysis method which we call HADM, Hybrid Analysis for Detection of Malware. We first extract static and dynamic information, and convert this information into vector-based representations. It has been shown that combining advanced features derived by deep learning with the original features provides significant gains. Therefore, we feed each of the original dynamic and static feature vector sets to a Deep Neural Network (DNN) which outputs a new set of features. These features are then concatenated with the original features to construct DNN vector sets. Different kernels are then applied onto the DNN vector sets. We also convert the dynamic information into graph-based representations and apply graph kernels onto the graph sets. Learning results from various vector and graph feature sets are combined using hierarchical Multiple Kernel Learning (MKL) to build a final hybrid classifier. Graph-based characterization methods and their associated machine learning algorithm tend to yield better accuracy for the problem of malware detection. However, the graph-based machine learning techniques we use, i.e., graph kernels, are computationally expensive. Therefore, we also study the parallelization of graph kernels in this dissertation. We first present a fast sequential implementation of the graph kernel. Then, we explore two different parallelization schemes on the CPU and four different implementations on the GPU. After analyzing the advantages of each, we present a hybrid parallel scheme, which dynamically chooses the best parallel implementation to use based on characteristics of the problem. In the last chapter of this dissertation, we explore parallelizing deep learning on a novel architecture design, which may be prevalent in the future. Parallelization of deep learning methods has been studied on traditional CPU and GPU clusters. However, the emergence of Processing In Memory (PIM) with die-stacking technology presents an opportunity to speed up deep learning computation and reduce energy consumption by providing low-cost high-bandwidth memory accesses. PIM uses 3D die stacking to move computations closer to memory and therefore reduce data movement overheads. In this dissertation, we study the parallelization of deep learning methods on a system with multiple PIM devices. We select three representative deep learning neural network layers: the convolutional, pooling, and fully connected layers, and parallelize them using different schemes targeted to PIM devices.