A Comparison of Machine and Deep Learning Models for Detection and Classification of Android Malware Traffic

Abstract

With the increasing popularity of mobile-app services, malicious software is increasing as well. Accordingly, the interest of the scientific community in Machine and Deep Learning solutions for detecting and classifying malware traffic is growing. In this work, we provide a fair assessment of the performance of a number of data-driven strategies to detect and classify Android malware traffic. Three models are taken into account (Decision Tree, Random Forest, and 1-D Convolutional Neural Network) considering both flat (i.e. non-hierarchical) and hierarchical approaches. The experimental analysis performed using a state-of-art dataset (CIC-AAGM2017) reports that Random Forest exhibits the best performance in a flat setup, while moving to a hierarchical approach could cause significant variation in precision and recall. Such results push for further investigating advanced hierarchical setups and learning schemes.