Creating and sharing knowledge for telecommunications

Behaviour-based Malware Detection in Mobile Android Platforms Using Machine Learning Algorithms

Ferreira, P. ; Gupta, ; Inácio , P. R. M. I. ; Freire, M.

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications Vol. 12, Nº 4, pp. 62 - 88, December, 2021.

ISSN (print): 2093-5374
ISSN (online): 2093-5382

Scimago Journal Ranking: 0,41 (in 2021)

Digital Object Identifier: 10.22667/JOWUA.2021.12.31.062

During the last few years, several approaches have been proposed for detection of Android malware Apps, each usually using its own dataset. Generating a representative Android malware dataset to
evaluate malware detection approaches is a challenging task. Recently, the Canadian Institute for Cybersecurity released the CICAndMal2017 dataset, which includes recent and sophisticated Android samples spanning between five distinct categories: Adware, Ransomware, SMS malware, Scareware,
and Benign. The best classification result obtained for this dataset was with a Precision of 95.3%, achieved with the Random Forest algorithm, using Permissions and Intents as static features. In this paper, we investigate the usage of nine machine learning algorithms to classify malware in the above mentioned dataset. The comparison of the obtained results is performed with the ones obtained with Random Forest, including performance evaluation (in terms of Precision, Recall, F-Measure, and
Accuracy) and resource usage (in terms of execution time and CPU and memory consumption). Besides, we also investigate the use of a non-sliding Bag of System Calls algorithm with the above
mentioned machine learning algorithms. It is shown that the Adaboost algorithm, using the Random Forest as a base estimator, leads to the best classification results with an Accuracy of 98.24%, a Precision of 99.31% (for malware), and an F1-Measure of 95.05% (for malware), at the cost of a larger execution time than Random Forest