{"title":"DroidTKM: Detection of Trojan Families using the KNN Classifier Based on Manhattan Distance Metric","authors":"Diyana Tehrany Dehkordy, A. Rasoolzadegan","doi":"10.1109/ICCKE50421.2020.9303720","DOIUrl":null,"url":null,"abstract":"Currently, the speed of Android malware publications has increased dramatically. The rapid rise of malware has made malware detection and family classification to become an important challenge; because attackers can publish more malware with minor changes in existing android applications. These minor changes in the application lead to the creation of multiple families of malware. So far, many methods have been proposed to detect malware applications and classify them. However, few methods focus on detecting malware families. In this paper, a detection method is proposed to identify Trojan families in order to improve accuracy and reduce error rates. To achieve these purposes, static and dynamic analysis are used to extract the required features of the applications. The k- means method has also been used to preprocess the obtained dataset. Then, a detection model is developed to identify families using the classifiers of K-Nearest Neighbor (KNN), Support Vector Machine, and Iterative Dichotomiser 3. The accuracy of KNN is also measured according to different distance metrics which has not yet been studied among malware detection methods. The proposed method is able to detect a variety of Trojans using KNN based on Manhattan metric with an accuracy of 97.83% and False Positive Rate (FPR) of 0.06%. 
The comparison between the performance of the proposed method and the other methods shows a 4.83% and 0.94% improvement in terms of accuracy and FPR, respectively.","PeriodicalId":402043,"journal":{"name":"2020 10th International Conference on Computer and Knowledge Engineering (ICCKE)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 10th International Conference on Computer and Knowledge Engineering (ICCKE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCKE50421.2020.9303720","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 7
Abstract
Currently, the speed of Android malware publication has increased dramatically. The rapid rise of malware has made malware detection and family classification an important challenge, because attackers can publish more malware with minor changes to existing Android applications. These minor changes in the application lead to the creation of multiple families of malware. So far, many methods have been proposed to detect malware applications and classify them. However, few methods focus on detecting malware families. In this paper, a detection method is proposed to identify Trojan families in order to improve accuracy and reduce error rates. To achieve these purposes, static and dynamic analysis are used to extract the required features of the applications. The k-means method has also been used to preprocess the obtained dataset. Then, a detection model is developed to identify families using the K-Nearest Neighbor (KNN), Support Vector Machine, and Iterative Dichotomiser 3 classifiers. The accuracy of KNN is also measured under different distance metrics, which has not yet been studied among malware detection methods. The proposed method is able to detect a variety of Trojans using KNN based on the Manhattan metric with an accuracy of 97.83% and a False Positive Rate (FPR) of 0.06%. The comparison between the performance of the proposed method and the other methods shows a 4.83% and 0.94% improvement in terms of accuracy and FPR, respectively.