Comparative Analysis of Machine Learning Models for Android Malware Detection

Yıl 2024, Cilt: 28 Sayı: 3, 517 - 530, 30.06.2024

Selma Bulut , Adem Korkmaz

https://doi.org/10.16984/saufenbilder.1350839

Öz

The rapid growth of Android devices has led to increased security concerns, especially from malicious software. This study extensively compares machine-learning algorithms for effective Android malware detection. Traditional models, such as random forest (RF) and support vector machines (SVM), alongside advanced approaches, such as convolutional neural networks (CNN) and XGBoost, were evaluated. Leveraging the NATICUSdroid dataset containing 29,332 records and 86 traces, the results highlight the superiority of RF with 97.1% and XGBoost with 97.2% accuracy. However, evolving malware and real-world unpredictability require a cautious interpretation. Promising as they are, our findings stress the need for continuous innovation in malware detection to ensure robust Android user security and data integrity.

Anahtar Kelimeler

Android malware detection, Machine learning algorithms, Naticusdroid dataset, Comparative analysis, Data integrity

Kaynakça

• [1] A. Turner. (2022, Jan 12). How many Android users are there? Global statistics. [Online]. Available: https://www.bankmycell.com/blog/how-many-android-users-are-there
• [2] Google. (2023, Aug 26). Wear OS by Google. [Online]. Available: https://wearos.google.com
• [3] Android. (2023, Aug 25). Android TV. [Online]. Available: https://www.android.com/tv/
• [4] S. Büyükgöze, “Mobil uygulama marketlerinin güvenlik modeli incelemeleri,” Türkiye Bilişim Vakfı Bilgisayar Bilimleri ve Mühendisliği Dergisi, 12(1), pp.9-18. 2019.
• [5] A. Kivva, (2023, Jun 07). IT threat evolution Q1 2023. Mobile statistics. [Online]. Available: https://securelist.com/it-threat-evolution-q1-2023-mobile-statistics/109893/
• [6] A. Mathur, L. M. Podila, K. Kulkarni, Q. Niyaz, A. Y. Javaid, “NATICUSdroid: A malware detection framework for Android using native and custom permissions,” Journal of Information Security and Applications, vol. 58, no. 102696, p. 102696, 2021.
• [7] A. Mathur, E. Ewoldt, Q. Niyaz, A. Javaid, X. Yang, “Permission-educator: App for educating users about android permissions,” in Conf. Intelligent Human Computer Interaction, Cham: Springer International Publishing, 2022, pp.361–371.
• [8] K. Liu, G. Zhang, X. Chen, Q. Liu, L. Peng, L. Yurui, “Android malware detection based on sensitive patterns,” Telecommunication Systems, vol. 82, no. 4, pp. 435–449, 2023.
• [9] Android Developers. (2023, Aug 26). Permissions on android. [Online]. Available: https://developer.android.com/guide/topics/permissions/overview.
• [10] E. Georgescu, (2020, Oct 16). The hidden dangers of Android permissions - description and mitigation. [Online]. Available: https://heimdalsecurity.com/blog/android-permissions-full-guide/.
• [11] R. Islam, M. I. Sayed, S. Saha, M. J. Hossain, M. A. Masud, “Android malware classification using optimum feature selection and ensemble machine learning,” Internet of Things and Cyber-Physical Systems, vol. 3, pp. 100–111, 2023.
• [12] Q. Wu, X. Zhu, B. Liu, (2021). “A survey of android malware static detection technology based on machine learning,” Mobile Information Systems, pp. 1-18, 2021.
• [13] S. Shi, S. Tian, B. Wang, T. Zhou, G. Chen, “SFCGDroid: android malware detection based on sensitive function call graph,” International Journal of Information Security, pp.1-10, 2023.
• [14] L. Zhen, R. Wang, N. Japkowicz, D. Tang, W. Zhang, J. Zhao, “Research on unsupervised feature learning for Android malware detection based on Restricted Boltzmann Machines,” Future Generation Computer Systems, Volume 120, pp.91-108, 2021.
• [15] Y. Zhou, X. Jiang, “Dissecting android malware: Characterization and evolution,” in Conf. Security and Privacy, 2012, pp.95-109.
• [16] S. Y. Yerima, S. Khan, “Longitudinal performance analysis of machine learning based Android malware detectors,” in Conf. Cyber Security and Protection of Digital Services (Cyber Security), 2019, pp.1-8.
• [17] A. Rahali, A. H. Lashkari, G. Kaur, L. Taheri, F. Gagnon, F. Massicotte, “DIDroid: Android malware classification and characterization using deep image learning,” in Conf. Communication and Network Security, 2020, pp.70-82.
• [18] J. Kim, Y. Ban, E. Ko, H. Cho, J. H. Yi, “MAPAS: a practical deep learning-based android malware detection system,” International Journal of Information Security, vol. 21, no. 4, pp. 725–738, 2022.
• [19] F. Giannakas, V. Kouliaridis, G. Kambourakis, “A closer look at machine learning effectiveness in Android malware detection,” Information (Basel), vol. 14, no. 1, p. 2, 2022.
• [20] C. D. Nguyen, N. H. Khoa, K. N. D. Doan, N. T. Cam, “Android Malware Category and Family Classification Using Static Analysis,” in Conf. Information Networking (ICOIN), IEEE, 2023, pp. 162-167.
• [21] C. Ding, N. Luktarhan, B. Lu, W. Zhang, “A hybrid analysis-based approach to android malware family classification,” Entropy, 23(8), 1009, 2021.
• [22] M. N. U. R. Chowdhury, A. Haque, H. Soliman, M. S. Hossen, T. Fatima, I. Ahmed, “Android malware Detection using Machine learning: A Review,” arXiv preprint arXiv:2307.02412, 2023.
• [23] H. Rathore, S. Chari, N. Verma, S. K. Sahay, M. Sewak, “Android Malware Detection Based on Static Analysis and Data Mining Techniques: A Systematic Literature Review,“ in Conf. Broadband Communications, Networks and Systems Cham: Springer Nature Switzerland, 2023, pp. 51-71.
• [24] A. Mathur, NATICUSdroid (Android Permissions) Dataset. UCI Machine Learning Repository, 2022.
• [25] K. He, X. Zhang, S. Ren, J. Sun, “Deep residual learning for image recognition,” in Conf. Computer Vision and Pattern Recognition (CVPR), 2016, pp.770-778.
• [26] E. Öztemel, Yapay sinir ağlari, Papatya Yayincilik, ISBN: 978-975-6797-39-6. Istanbul, Turkey, 2023.
• [27] S. Haykin, Neural Networks and Learning Machines, Pearson: Upper Saddle River, Neural Networks and Learning Machines, vol. 3, India, 2009.
• [28] E. Egrioglu, C. H. Aladag, U. Yolcu, V. R. Uslu, M. A. Basaran, “A new approach based on artificial neural networks for high order multivariate fuzzy time series,” Expert System with Applications, vol. 36, no. 7, pp. 10589–10594, 2009.
• [29] U. Porwal, Z. Shi, S. Setlur, Machine learning in handwritten Arabic text recognition, In Handbook of Statistics Vol. 31, pp. 443-469, Elsevier, 2013.
• [30] Y. LeCun, L. Bottou, Y. Bengio, P. Haffner, “Gradient-based learning applied to document recognition.”, Proceedings of the IEEE, 86(11), 1998, pp.2278-2324.
• [31] A. Krizhevsky, I. Sutskever, G. E. Hinton, “ImageNet classification with deep convolutional neural networks”. In Advances in neural information processing systems, pp. 1097-1105, 2012.
• [32] D. Scherer, A. Müller, S. Behnke, “Evaluation of pooling operations in convolutional architectures for object recognition,” in Conf. Artificial Neural Networks (ICANN), 2010, pp. 92-101.
• [33] L. Breiman, “Random forests,” Machine learning, 45(1), pp.5-32, 2001.
• [34] S. J. Rigatti, “Random forests,” Journal of Insurance Medicine, 47(1), 31-39, 2017.
• [35] M. Schonlau, R. Y. Zou, “The random forest algorithm for statistical learning,” The Stata Journal, 20(1), pp.3-29, 2020.
• [36] S. B. Kotsiantis, I. Zaharakis, P. Pintelas, “Supervised machine learning: A review of classification techniques,” Emerging artificial intelligence applications in computer engineering, 160(1), pp.3-24, 2007.
• [37] Ö. Tomak, Derin Öğrenme Algoritmalarının EKG Aritmilerinin Sınıflandırılmasında Değerlendirilmesi, Karadeniz Teknik Üniversitesi, Trabzon, 2018.
• [38] G. Bilgin, “Makine öğrenmesi algoritmaları kullanarak erken dönemde diyabet hastalığı riskinin araştırılması,” Journal of Intelligent Systems: Theory and Applications, 4(1), pp.55-64, 2021.
• [39] O. Sevli, “Farklı Sınıflandırıcılar ve Yeniden Örnekleme Teknikleri Kullanılarak Kalp Hastalığı Teşhisine Yönelik Karşılaştırmalı Bir Çalışma,” Journal of Intelligent Systems: Theory and Applications, 5(2), pp.92-105, 2022.
• [40] V. Vapnik, S. Golowich, A. Smola, “Support vector method for function approximation, regression estimation and signal processing,” Advances in neural information processing systems, 9, pp.281-287, 1996.
• [41] S. R. Gunn, “Support vector machines for classification and regression”, ISIS technical report, 14(1), pp.5-16, 1998.
• [42] B. Deekshitha, C. Aswitha, C. S. Sundar, A. K. Deepthi, “URL Based Phishing Website Detection by Using Gradient and Catboost Algorithms.” International Journal Research Applied Science and Engineering Technology, 10(6), pp.3717-3722, 2022.
• [43] S. Ramraj, N. Uzir, R. Sunil, S. Banerjee, “Experimenting XGBoost algorithm for prediction and classification of different datasets,” International Journal of Control Theory and Applications, 9(40), pp.651-662, 2016.
• [44] N. Memon, S. B. Patel, D. P. Patel, “Comparative analysis of artificial neural network and XGBoost algorithm for PolSAR image classification,” in Conf. Pattern Recognition and Machine Intelligence, Cham: Springer International Publishing, 2019, pp.452-460.
• [45] A. Korkmaz, S. Büyükgöze, “Sahte Web Sitelerinin Sınıflandırma Algoritmaları İle Tespit Edilmesi,” Avrupa Bilim ve Teknoloji Dergisi, (16), pp.826-833, 2019.
• [46] D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, K. Rieck, “Drebin: Effective and explainable detection of android malware in your pocket,” In Conf Network and Distributed System Security Symposium (NDSS), Vol. 14, 2014, pp. 23-26.
• [47] S. Mahdavifar, D. Alhadidi, A. A. Ghorbani, “Effective and efficient hybrid android malware classification using pseudo-label stacked auto-encoder,” Journal of network and systems management, 30, pp.1-34, 2022.
• [48] A. H. E. Fiky, A. E. Shenawy, M. A. Madkour, “Android malware category and family detection and identification using machine learning,” arXiv preprint arXiv:2107.01927, 2021.
• [49] S. Lou, S. Cheng, J. Huang, F. Jiang, “TFDroid: Android malware detection by topics and sensitive data flows using machine learning techniques,” in Conf. information and computer technologies (ICICT) IEEE, 2019, pp.30-36.