Malware detection in android mobile platform using machine learning algorithms

Malware has always been a problem accompanying technological advances in the software world, so it is to be expected that smartphones and other mobile devices face the same issues. In this paper, a practical and effective anomaly-based malware detection framework is proposed, with an emphasis on the Android mobile computing platform. A dataset consisting of both benign and malicious applications (apps) was installed on an Android device to analyze their behavioral patterns. We first generate the system metrics (feature vector) for each app by executing it in a controlled environment. Then, a variety of machine learning algorithms (Decision Tree, K Nearest Neighbor, Logistic Regression, Multilayer Perceptron Neural Network, Naive Bayes, Random Forest, and Support Vector Machine) are used to classify the app as benign or malware. Each algorithm is assessed using various performance criteria to identify which ones are more suitable for detecting malicious software. The results suggest that Random Forest and Support Vector Machine provide the best outcomes, making them the most effective techniques for malware detection.
