Behaviour-based Malware Detection in Mobile Android Platforms Using Machine Learning Algorithms

André Prata Ferreira1, Chetna Gupta2, Pedro R. M. Inácio1,2, and Mário M. Freire1,2+

1Instituto de Telecomunicações, Universidade da Beira Interior, Covilhã, Portugal
D1569@ubi.pt, {inacio, mario}@di.ubi.pt

2Centro de Competências em Cloud Computing, Universidade da Beira Interior, Covilhã, Portugal
chetna.gupta@ubi.pt

Abstract

During the last few years, several approaches have been proposed for the detection of Android malware apps, each usually using its own dataset. Generating a representative Android malware dataset to evaluate malware detection approaches is a challenging task. Recently, the Canadian Institute for Cybersecurity released the CICAndMal2017 dataset, which includes recent and sophisticated Android samples spanning five distinct categories: Adware, Ransomware, SMS malware, Scareware, and Benign. The best classification result obtained for this dataset was a Precision of 95.3%, achieved with the Random Forest algorithm, using Permissions and Intents as static features. In this paper, we investigate the usage of nine machine learning algorithms to classify malware in the above-mentioned dataset. The obtained results are compared with those obtained with Random Forest, including performance evaluation (in terms of Precision, Recall, F-Measure, and Accuracy) and resource usage (in terms of execution time and CPU and memory consumption). We also investigate the use of a non-sliding Bag of System Calls algorithm with the above-mentioned machine learning algorithms. It is shown that the Adaboost algorithm, using Random Forest as a base estimator, leads to the best classification results, with an Accuracy of 98.24%, a Precision of 99.31% (for malware), and an F1-Measure of 95.05% (for malware), at the cost of a larger execution time than Random Forest.

Keywords: Behaviour-Based Malware Detection, Static Malware Detection, Android Platforms, Machine Learning Algorithms

+: Corresponding author: Mário M. Freire
Departamento de Informática, Universidade da Beira Interior, Rua Marques de Ávila e Bolama, 6201-001, Covilhã, Portugal

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)

Vol. 12, No. 4, pp. 62-88, December 2021

Received: July 2, 2021; Accepted: October 8, 2021; Published: December 31, 2021

DOI: 10.22667/JOWUA.2021.12.31.062