TY - JOUR
T1 - Evaluation of machine learning classifiers for mobile malware detection
AU - Narudin, Fairuz Amalina
AU - Feizollah, Ali
AU - Anuar, Nor Badrul
AU - Gani, Abdullah
PY - 2016/1/22
Y1 - 2016/1/22
N2 - Mobile devices have become a significant part of people's lives, leading to an increasing number of users involved with such technology. The rising number of users invites hackers to generate malicious applications. Besides, the security of sensitive data available on mobile devices is taken lightly. Relying on currently developed approaches is not sufficient, given that intelligent malware keeps modifying rapidly and as a result becomes more difficult to detect. In this paper, we propose an alternative solution for evaluating malware detection using the anomaly-based approach with machine learning classifiers. Among the various network traffic features, the four categories selected are basic information, content-based, time-based and connection-based. The evaluation utilizes two datasets: public (i.e. MalGenome) and private (i.e. self-collected). Based on the evaluation results, both the Bayes network and random forest classifiers produced more accurate readings, with a 99.97 % true-positive rate (TPR) as opposed to the multi-layer perceptron with only 93.03 % on the MalGenome dataset. However, this experiment revealed that the k-nearest neighbor classifier efficiently detected the latest Android malware with an 84.57 % true-positive rate, higher than the other classifiers.
AB - Mobile devices have become a significant part of people's lives, leading to an increasing number of users involved with such technology. The rising number of users invites hackers to generate malicious applications. Besides, the security of sensitive data available on mobile devices is taken lightly. Relying on currently developed approaches is not sufficient, given that intelligent malware keeps modifying rapidly and as a result becomes more difficult to detect. In this paper, we propose an alternative solution for evaluating malware detection using the anomaly-based approach with machine learning classifiers. Among the various network traffic features, the four categories selected are basic information, content-based, time-based and connection-based. The evaluation utilizes two datasets: public (i.e. MalGenome) and private (i.e. self-collected). Based on the evaluation results, both the Bayes network and random forest classifiers produced more accurate readings, with a 99.97 % true-positive rate (TPR) as opposed to the multi-layer perceptron with only 93.03 % on the MalGenome dataset. However, this experiment revealed that the k-nearest neighbor classifier efficiently detected the latest Android malware with an 84.57 % true-positive rate, higher than the other classifiers.
KW - Android malware detection
KW - Anomaly based
KW - Intrusion detection system
KW - Machine learning
KW - Mobile device
UR - https://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=pure_starter&SrcAuth=WosAPI&KeyUT=WOS:000367819100025&DestLinkType=FullRecord&DestApp=WOS_CPL
UR - https://www.scopus.com/pages/publications/84952979147
U2 - 10.1007/s00500-014-1511-6
DO - 10.1007/s00500-014-1511-6
M3 - Article
SN - 1432-7643
VL - 20
SP - 343
EP - 357
JO - Soft Computing
JF - Soft Computing
IS - 1
ER -