Android malware detection using machine learning

DOI:

https://doi.org/10.5564/jimdt.v6i1.3383

Keywords:

Mobile malware, malware analysis, static analysis

Abstract

In this study, we present a static Android malware detection system built on data mining and machine learning techniques. It includes five feature selection methods (Information Gain, Binormal Separation, Chi-squared, Relief, and Principal Component Analysis) and four machine learning algorithms (Naive Bayes, SVM, J48, and Random Forest). To overcome the shortcomings of conventional signature-based antivirus products, we use static analysis to extract valuable features of Android applications, namely the permission and API call features of Android APK files. The feature selection methods are then used to select valuable feature subsets. The final feature subset is chosen through extensive experimental analysis: experimental thresholds select various feature subsets, and each subset is used to train the machine learning algorithms to find the best model. By adopting the concepts of machine learning and data mining, we construct a malware detection system that has an Overall Accuracy of 96%.
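The select-then-train loop the abstract describes can be sketched as follows. This is an added example, not the authors' code: it uses Information Gain (one of the five selection methods) and a Bernoulli Naive Bayes classifier (one of the four algorithms) on constructed permission/API-call sets, and the thresholds, sample apps and function names are assumptions.

```python
import math

# Constructed toy data (not from the paper): features seen in each app, label 1 = malware.
TRAIN = [
    ({"SEND_SMS", "READ_CONTACTS", "INTERNET", "getDeviceId"}, 1),
    ({"SEND_SMS", "INTERNET", "getDeviceId"}, 1),
    ({"SEND_SMS", "RECEIVE_BOOT_COMPLETED", "INTERNET"}, 1),
    ({"READ_CONTACTS", "INTERNET", "getDeviceId"}, 1),
    ({"INTERNET", "CAMERA"}, 0),
    ({"INTERNET", "ACCESS_FINE_LOCATION"}, 0),
    ({"INTERNET", "CAMERA", "READ_CONTACTS"}, 0),
    ({"INTERNET", "VIBRATE"}, 0),
]
TEST = [({"SEND_SMS", "INTERNET"}, 1), ({"INTERNET", "getDeviceId", "READ_CONTACTS"}, 1),
        ({"INTERNET", "CAMERA"}, 0), ({"INTERNET"}, 0)]

def entropy(labels):
    p = sum(labels) / len(labels) if labels else 0.0
    return -sum(q * math.log2(q) for q in (p, 1 - p) if q > 0)

def information_gain(samples, feat):
    # IG = H(class) - sum over {present, absent} of weight * H(class | feature value)
    parts = [[y for f, y in samples if (feat in f) == v] for v in (True, False)]
    h_cond = sum(len(p) / len(samples) * entropy(p) for p in parts)
    return entropy([y for _, y in samples]) - h_cond

def select_features(samples, threshold):
    vocab = set().union(*(f for f, _ in samples))
    return sorted(f for f in vocab if information_gain(samples, f) >= threshold)

def train_nb(samples, feats):
    # Bernoulli Naive Bayes with Laplace smoothing: class -> (prior, P(feature present | class))
    def fit(c):
        rows = [f for f, y in samples if y == c]
        return len(rows) / len(samples), {ft: (sum(ft in r for r in rows) + 1) / (len(rows) + 2) for ft in feats}
    return {c: fit(c) for c in (0, 1)}

def predict(model, app):
    def score(c):
        prior, probs = model[c]
        return math.log(prior) + sum(math.log(p if ft in app else 1 - p) for ft, p in probs.items())
    return max((0, 1), key=score)

def evaluate(threshold):
    feats = select_features(TRAIN, threshold)
    model = train_nb(TRAIN, feats)
    return feats, sum(predict(model, app) == y for app, y in TEST) / len(TEST)

if __name__ == "__main__":
    print({t: evaluate(t) for t in (0.0, 0.3, 0.5)})
```

On this toy data, raising the threshold shrinks the feature set from eight to two while the held-out accuracy stays the same; a permission requested by every app, such as `INTERNET`, has zero gain and is the first to drop out.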

Published

2024-12-27

How to Cite

Baldangombo, U., Kherlenchimeg, Z., & Naidansuren, U. (2024). Android malware detection using machine learning. Journal of Institute of Mathematics and Digital Technology, 6(1), 130–145. https://doi.org/10.5564/jimdt.v6i1.3383

Section

Articles