Xinrun Zhang, A. Mathur, Lei Zhao, Safia Rahmat, Quamar Niyaz, A. Javaid, Xiaoli Yang
{"title":"An Early Detection of Android Malware Using System Calls based Machine Learning Model","authors":"Xinrun Zhang, A. Mathur, Lei Zhao, Safia Rahmat, Quamar Niyaz, A. Javaid, Xiaoli Yang","doi":"10.1145/3538969.3544413","DOIUrl":null,"url":null,"abstract":"Several host intrusion detection systems (HIDSs) based on system call analysis have been proposed in the past to detect intrusions and malware using relevant datasets. Machine learning (ML) techniques have been applied on those datasets to improve the performances of HIDSs. However, the emphasis given on their real-world deployment is limited. To address this issue, we propose a framework for system call processing for benign and malware Android apps with an ability of early detection of malware. We extracted and analyzed system call traces for benign and malware apps, and processed their system call traces with N-gram and TF-IDF models. Six ML algorithms – Decision Trees, Random Forest, K-Nearest Neighbors, Naive Bayes, Support Vector Machines, and Multi-layer Perceptron – were trained for the malware detection system. The experimental results demonstrate that our Android malware detection system (AMDS), using traces of 3000 system calls, is capable of early detection with an average accuracy of 99.34%. We also implemented an Android app based on a client-server architecture for the proposed AMDS to demonstrate its deployment for malware detection in real-time.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 17th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3538969.3544413","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5
Abstract
Several host intrusion detection systems (HIDSs) based on system call analysis have been proposed in the past to detect intrusions and malware using relevant datasets. Machine learning (ML) techniques have been applied on those datasets to improve the performances of HIDSs. However, the emphasis given on their real-world deployment is limited. To address this issue, we propose a framework for system call processing for benign and malware Android apps with an ability of early detection of malware. We extracted and analyzed system call traces for benign and malware apps, and processed their system call traces with N-gram and TF-IDF models. Six ML algorithms – Decision Trees, Random Forest, K-Nearest Neighbors, Naive Bayes, Support Vector Machines, and Multi-layer Perceptron – were trained for the malware detection system. The experimental results demonstrate that our Android malware detection system (AMDS), using traces of 3000 system calls, is capable of early detection with an average accuracy of 99.34%. We also implemented an Android app based on a client-server architecture for the proposed AMDS to demonstrate its deployment for malware detection in real-time.