Effective and Efficient Android Malware Detection and Category Classification Using the Enhanced KronoDroid Dataset

4区计算机科学 Q3 Computer Science

Security and Communication Networks Pub Date : 2024-04-08 DOI:10.1155/2024/7382302

Mudassar Waheed, Sana Qadir

{"title":"Effective and Efficient Android Malware Detection and Category Classification Using the Enhanced KronoDroid Dataset","authors":"Mudassar Waheed, Sana Qadir","doi":"10.1155/2024/7382302","DOIUrl":null,"url":null,"abstract":"Android is the most widely used mobile operating system and responsible for handling a wide variety of data from simple messages to sensitive banking details. The explosive increase in malware targeting this platform has made it imperative to adopt machine learning approaches for effective malware detection and classification. Since its release in 2008, the Android platform has changed substantially and there has also been a significant increase in the number, complexity, and evolution of malware that target this platform. This rapid evolution quickly renders existing malware datasets out of date and has a degrading impact on machine learning-based detection models. Many studies have been carried out to explore the effectiveness of various machine learning models for Android malware detection. Majority of these studies use datasets that have compiled using static or dynamic analysis of malware but the use of hybrid analysis approaches has not been addressed completely. Likewise, the impact of malware evolution has not been fully investigated. Although some of the models have achieved exceptional results, their performance deteriorated for evolving malware and they were also not effective against antidynamic malware. In this paper, we address both these limitations by creating an enhanced subset of the KronoDroid dataset and using it to develop a supervised machine learning model capable of detecting evolving and antidynamic malware. The original KronoDroid dataset contains malware samples from 2008 to 2020, making it effective for the detection of evolving malware and handling concept drift. Also, the dynamic features are collected by executing the malware on a real device, making it effective for handling antidynamic malware. We create an enhanced subset of this dataset by adding malware category labels with the help of multiple online repositories. Then, we train multiple supervised machine learning models and use the ExtraTree classifier to select the top 50 features. Our results show that the random forest (RF) model has the highest accuracy of 98.03% for malware detection and 87.56% for malware category classification (for 15 malware categories).","PeriodicalId":49554,"journal":{"name":"Security and Communication Networks","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Security and Communication Networks","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1155/2024/7382302","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Computer Science","Score":null,"Total":0}

引用次数: 0

Abstract

Android is the most widely used mobile operating system and responsible for handling a wide variety of data from simple messages to sensitive banking details. The explosive increase in malware targeting this platform has made it imperative to adopt machine learning approaches for effective malware detection and classification. Since its release in 2008, the Android platform has changed substantially and there has also been a significant increase in the number, complexity, and evolution of malware that target this platform. This rapid evolution quickly renders existing malware datasets out of date and has a degrading impact on machine learning-based detection models. Many studies have been carried out to explore the effectiveness of various machine learning models for Android malware detection. Majority of these studies use datasets that have compiled using static or dynamic analysis of malware but the use of hybrid analysis approaches has not been addressed completely. Likewise, the impact of malware evolution has not been fully investigated. Although some of the models have achieved exceptional results, their performance deteriorated for evolving malware and they were also not effective against antidynamic malware. In this paper, we address both these limitations by creating an enhanced subset of the KronoDroid dataset and using it to develop a supervised machine learning model capable of detecting evolving and antidynamic malware. The original KronoDroid dataset contains malware samples from 2008 to 2020, making it effective for the detection of evolving malware and handling concept drift. Also, the dynamic features are collected by executing the malware on a real device, making it effective for handling antidynamic malware. We create an enhanced subset of this dataset by adding malware category labels with the help of multiple online repositories. Then, we train multiple supervised machine learning models and use the ExtraTree classifier to select the top 50 features. Our results show that the random forest (RF) model has the highest accuracy of 98.03% for malware detection and 87.56% for malware category classification (for 15 malware categories).

查看原文本刊更多论文

使用增强型 KronoDroid 数据集有效、高效地进行安卓恶意软件检测和类别分类

安卓是使用最广泛的移动操作系统，负责处理从简单信息到敏感银行信息等各种数据。针对这一平台的恶意软件呈爆炸式增长，因此采用机器学习方法进行有效的恶意软件检测和分类势在必行。自 2008 年发布以来，安卓平台发生了巨大变化，针对该平台的恶意软件的数量、复杂性和演化程度也显著增加。这种快速演变使现有的恶意软件数据集迅速过时，并对基于机器学习的检测模型产生了负面影响。为了探索各种机器学习模型在安卓恶意软件检测中的有效性，已经开展了许多研究。这些研究大多使用对恶意软件进行静态或动态分析后编制的数据集，但混合分析方法的使用尚未完全解决。同样，恶意软件进化的影响也没有得到充分研究。虽然有些模型取得了优异的成绩，但它们在处理不断进化的恶意软件时性能下降，而且对反动态恶意软件也无效。在本文中，我们通过创建 KronoDroid 数据集的增强子集，并利用该子集开发能够检测进化型和反动态型恶意软件的监督机器学习模型，解决了这两个局限性。原始 KronoDroid 数据集包含 2008 年至 2020 年的恶意软件样本，因此能有效检测不断演变的恶意软件并处理概念漂移。此外，动态特征是通过在真实设备上执行恶意软件收集的，因此能有效处理反动态恶意软件。我们借助多个在线资料库添加恶意软件类别标签，创建了该数据集的增强子集。然后，我们训练多个有监督的机器学习模型，并使用 ExtraTree 分类器选择前 50 个特征。结果表明，随机森林（RF）模型的恶意软件检测准确率最高，达到 98.03%，恶意软件类别分类准确率最高，达到 87.56%（15 个恶意软件类别）。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Security and Communication Networks COMPUTER SCIENCE, INFORMATION SYSTEMS-TELECOMMUNICATIONS

自引率

0.00%

发文量

1274

审稿时长

11.3 months

期刊介绍： Security and Communication Networks is an international journal publishing original research and review papers on all security areas including network security, cryptography, cyber security, etc. The emphasis is on security protocols, approaches and techniques applied to all types of information and communication networks, including wired, wireless and optical transmission platforms. The journal provides a prestigious forum for the R&D community in academia and industry working at the inter-disciplinary nexus of next generation communications technologies for security implementations in all network layers. Answering the highly practical and commercial importance of network security R&D, submissions of applications-oriented papers describing case studies and simulations are encouraged as well as research analysis-type papers.