Malware detection using learning and information retrieval for Android
MADLIRA is a tool for Android malware detection. It consists of two components: a TFIDF component and an SVM learning component. In general, it takes as input a set of malware and benign applications (benwares) and then either extracts the malicious behaviors (TFIDF component) or computes a training model (SVM classifier). It then uses this knowledge to detect malicious behaviors in Android applications.
Download file MADLIRA.7z and decompress it.
This tool has two main components: the TFIDF component and the SVM component.
Command: java -jar MADLIRA TFIDF
For this component, there are two functions: the training function (malicious behavior extraction) and the test function (malicious behavior detection).
java -jar MADLIRA TFIDF packAPK -PB benignApkFolder -B benignPack -PM maliciousApkFolder -M maliciousPack
java -jar MADLIRA TFIDF train -B benignPack -M maliciousPack
java -jar MADLIRA TFIDF check -S checkApk
Command:
java -jar MADLIRA TFIDF train <Options>
Compute the malicious specifications for the given training data.
-B <filename>: the archive file containing all graphs of the training benwares.
-M <filename>: the archive file containing all categories of the training malwares.
java -jar MADLIRA TFIDF check <Options>
Check for malicious behaviors in the applications in a given folder.
-S <folder>: the folder containing all applications (apk files).
java -jar MADLIRA TFIDF test <Options>
Test the classifier on the given test data.
-S <folder>: the folder containing all graphs for testing.
java -jar MADLIRA TFIDF clear
Clean all training data.
java -jar MADLIRA TFIDF install
Clean the old training data and install new data for training.
-B <filename>: the archive file containing all graphs of the training benwares.
-M <filename>: the archive file containing all categories of the training malwares.
Training new data:
java -jar MADLIRA TFIDF packAPK -PB BenApkFolder -B BenPack -PM MalApkFolder -M MalPack
java -jar MADLIRA TFIDF clear
java -jar MADLIRA TFIDF train -B BenPack -M MalPack
Checking new applications:
java -jar MADLIRA TFIDF check -S checkApk
Output:
Command: java -jar MADLIRA SVM
For this component, there are two functions: the training function and the test function.
java -jar MADLIRA SVM packAPK -PB benignApkFolder -B benignPack -PM maliciousApkFolder -M maliciousPack
java -jar MADLIRA SVM train -B benignPack -M maliciousPack
java -jar MADLIRA SVM check -S checkApk
Command:
```
java -jar MADLIRA SVM train
java -jar MADLIRA SVM check
java -jar MADLIRA SVM test
java -jar MADLIRA SVM clear
```
Clean all training data.
This tool uses the following packages: