Android Malware Classification with Segmented Dynamic Analysis and a Multi-View Strategy
Abstract
In this paper, we propose a dynamic Android malware detection model with two phases: feature extraction based on time windows and multi-view classification. The first phase segments the app's execution into short intervals, enabling fast, low-latency extraction. The second applies classifiers to different views and combines their results by majority voting, increasing accuracy without overloading the system. We evaluate the approach on a new dataset containing 4,128 APKs, covering benign samples and malicious samples from nine families. The results show a gain of up to 0.06 in AUC over single-view methods.
Published
01/09/2025
How to Cite
FERREIRA, Ivson; OLIVEIRA, João Victor O. de; PURKOTT, Fernando; GEREMIAS, Jhonatan; VIEGAS, Eduardo K. Classificação de Malwares Android com Análise Dinâmica Segmentada e Estratégia Multivisualização. In: WORKSHOP DE TRABALHOS DE INICIAÇÃO CIENTÍFICA E DE GRADUAÇÃO - SIMPÓSIO BRASILEIRO DE CIBERSEGURANÇA (SBSEG), 25., 2025, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 216-225. DOI: https://doi.org/10.5753/sbseg_estendido.2025.11807.
