Evaluation of machine learning classifiers for mobile malware detection

Soft Computing

Volumn 20, Issue 1, 2016, Pages 343-357

  Narudin, Fairuz Amalina ^a   Feizollah, Ali ^a   Anuar, Nor Badrul ^a   Gani, Abdullah ^a  

^a UNIVERSITY OF MALAYA   (Malaysia)

Author keywords

Android malware detection; Anomaly based; Intrusion detection system; Machine learning; Mobile device

Indexed keywords

ARTIFICIAL INTELLIGENCE; BAYESIAN NETWORKS; CLASSIFICATION (OF INFORMATION); COMPUTER CRIME; DECISION TREES; INTRUSION DETECTION; LEARNING SYSTEMS; MALWARE; MOBILE DEVICES; PERSONAL COMPUTING;

ALTERNATIVE SOLUTIONS; ANDROID MALWARE; ANOMALY BASED; INTRUSION DETECTION SYSTEMS; K-NEAREST NEIGHBOR CLASSIFIER; LEARNING CLASSIFIERS; MULTI LAYER PERCEPTRON; RANDOM FOREST CLASSIFIER;

ANDROID (OPERATING SYSTEM);

EID: 84952979147     PISSN: 14327643     EISSN: 14337479     Source Type: Journal    
DOI: 10.1007/s00500-014-1511-6     Document Type: Article

References (66)

1. Amos B, Turner H, White J (2013) Applying machine learning classifiers to dynamic android malware detection at scale. In: Proceedings of the 9th international wireless communications and mobile computing conference (IWCMC), Sardinia, Italy, pp 1666–1671
2. Android (2013) Android 4.2, Jelly Bean. http://www.android.com/about/jelly-bean/. Accessed June 2013
3. Anuar NB, Sallehudin H, Gani A, Zakaria O (2008) Identifying false alarm for network intrusion detection system using hybrid data mining and decision tree. Malays J Comput Sci 21(2):101–115
4. Anubis (2013) Anubis: analyzing unknown binaries. http://anubis.iseclab.org/. Accessed Feb 2013
5. Arp D, Spreitzenbarth M, Hubner M, Gascon H, Rieck K (2014) DREBIN: effective and explainable detection of android malware in your pocket. In: Proceedings of the 2014 network and distributed system security (NDSS) symposium, San Diego, USA (2014)
6. Arstechnica (2013) More BadNews for android: new malicious apps found in google play. http://arstechnica.com/security/2013/04/more-badnews-for-android-new-malicious-apps-found-in-google-play/. Accessed 1st Jan 2013
7. Bradley AP (1997) The use of the area under the ROC curve in the evaluation of machine learning algorithms. Pattern Recognit 30(7):1145–1159
8. Breiman L (2001) Random forests. Mach Learn 45(1):5–32
9. Burguera I, Zurutuza U, Nadjm-Tehrani S (2011) Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st ACM workshop on security and privacy in smartphones and mobile devices, Chicago, pp 15–26
10. Burguera I, Zurutuza U, Nadjm-Tehrani S (2011) Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st ACM workshop on security and privacy in smartphones and mobile devices, Chicago, USA, pp 15–26
11. Curiac D-I, Volosencu C (2012) Ensemble based sensing anomaly detection in wireless sensor networks. Exp Syst Appl 39(10):9087–9096
12. Dini G, Martinelli F, Saracino A, Sgandurra D (2012) MADAM: a multi-level anomaly detector for android malware. In: Proceedings of the 6th international conference on mathematical methods, models and architectures for computer network security (MMM-ACNS 2012), Saint Petersburg, Russia, pp 240–253
13. Egele M, Scholte T, Kirda E, Kruegel C (2008) A survey on automated dynamic malware-analysis techniques and tools. ACM Comput Surv 44(2):1–42
14. Eskandari M, Hashemi S (2012) A graph mining approach for detecting unknown malwares. J Vis Lang Comput 23(3):154–162
15. Fawcett T (2006) An introduction to ROC analysis. Pattern Recognit Lett 27(8):861–874
16. Felt AP, Finifter M, Chin E, Hanna S, Wagner D (2011) A survey of mobile malware in the wild. In: Proceedings of the 1st ACM workshop on security and privacy in smartphones and mobile devices, Chicago, Illinois, USA, pp 3–14
17. Friedman N, Geiger D, Goldszmidt M (1997) Bayesian network classifiers. Mach Learn 29(2–3):131–163
18. F-Secure (2013) Android accounted for 79% of all mobile malware in 2012, 96% in Q4 alone. http://techcrunch.com/2013/03/07/f-secure-android-accounted-for-79-of-all-mobile-malware-in-2012-96-in-q4-alone/. Accessed 1st June 2013
19. García-Teodoro P, Díaz-Verdejo J, Maciá-Fernández G, Vázquez E (2009) Anomaly-based network intrusion detection: techniques, systems and challenges. Comput Secur 28(1–2):18–28
20. Gogoi P, Bhattacharyya DK, Borah B, Kalita JK (2013) MLH-IDS: a multi-level hybrid intrusion detection method. Comput J 2013 doi:10.1093/comjnl/bxt044. Online. http://comjnl.oxfordjournals.org/content/early/2013/05/12/comjnl.bxt044.abstract. Accessed 12 May 2013
21. Gribskov M, Robinson NL (1996) Use of receiver operating characteristic (ROC) analysis to evaluate sequence matching. Comput Chem 20(1):25–33
22. Hardwarezone (2013) Trend micro predicts android malware increase by 185%. http://www.hardwarezone.com.ph/tech-news-trend-micro-predicts-android-malware-increase-185. Accessed 1st Jan 2013
23. Huang C-Y, Tsai Y-T, Hsu C-H (2013) Performance evaluation on permission-based detection for android malware. In: Pan, J-S, Yang C-N, Lin C-C (eds) Advances in intelligent systems and applications, vol 2. Springer, Berlin, pp 111–120
24. Hyo-Sik H, Mi-Jung C (2013) Analysis of android malware detection performance using machine learning classifiers. In: Proceedings of the international conference on ICT convergence (ICTC), Jeju, Ethiopia, pp 490–495
25. Kolter JZ, Maloof MA (2006) Learning to detect and classify malicious executables in the wild. J Mach Learn Res 7:2721–2744
26. Kotsiantis SB, Zaharakis ID, Pintelas PE (2006) Machine learning: a review of classification and combining techniques. Artif Intell Rev 26(3):159–190
27. Lai Y, Liu Z (2011) Unknown malicious code detection based on bayesian. Procedia Eng 15:3836–3842
28. Lamiaa Ibrahim MS, Rahman Azema Abd El, Zeidan Amany, Ragb Maha (2013) Crucial role of CD4+CD 25+ FOXP3+ T regulatory cell, interferon-γ and interleukin-16 in malignant and tuberculous pleural effusions. Immunol Investig 42(2):122–136
29. Lee W, Stolfo SJ (2000) A framework for constructing features and models for intrusion detection systems. ACM Trans Inf Syst Secur 3(4):227–261
30. Liang S, Keep AW, Might M, Lyde S, Gilray T, Aldous P, Horn DV (2013) Sound and precise malware analysis for android via pushdown reachability and entry-point saturation. In: Proceedings of the third ACM workshop on security and privacy in smartphones & mobile devices, Berlin, Germany, pp 21–32
31. Liao Y, Vemuri VR (2002) Use of k-nearest neighbor classifier for intrusion detection. Comput Secur 21(5):439–448
32. Lookout (2010) Security alert: geinimi, sophisticated new android trojan found in wild. https://blog.lookout.com/blog/2010/12/29/geinimi_trojan/. Accessed 1st July 2014
33. Metz CE (1978) Basic principles of ROC analysis. Semin Nucl Med 8(4):283–298
34. Oberheide J, Veeraraghavan K, Cooke E, Flinn J, Jahanian F (2008) Virtualized in-cloud security services for mobile devices. In: Proceedings of the 1st workshop on virtualization in mobile computing, Breckenridge, Colorado, pp 31–35
35. Pal SK, Mitra S (1992) Multilayer perceptron, fuzzy sets, and classification. IEEE Trans Neural Netw 3(5):683–697
36. Patel A, Taghavi M, Bakhtiyari K (2013) An intrusion detection and prevention system in cloud computing: a systematic review. J Netw Comput Appl 36(1):25–41
37. Play G (2013) Shop android apps. https://play.google.com/store?hl=en. Accessed February 2013
38. Project MG (2013) Android malware genome project. http://www.malgenomeproject.org/. Accessed Feb 2013
39. Raffetseder T, Kruegel C, Kirda E (2007) Detecting system emulators. In: Proceedings of the 10th international conference ISC, Valparaíso, Chile, pp 1–18
40. SandDroid (2013) SandDroid-an APK analysis sandbox. http://sanddroid.xjtu.edu.cn/. Accessed April 2013
41. Sangkatsanee P, Wattanapongsakorn N, Charnsripinyo C (2011) Practical real-time intrusion detection using machine learning approaches. Comput Commun 34(18):2227–2235
42. Sanz B, Santos I, Laorden C, Ugarte-Pedrero X, Nieves J, Bringas PG (2013) MAMA: manifest analysis for malware detection in android. Cybern Syst 44(6–7):469–488
43. Sarma BP, Li N, Gates C, Potharaju R, Nita-Rotaru C and Molloy I (2012), “Android permissions: a perspective combining risks and benefits. In: Proceedings of the 17th ACM symposium on access control models and technologies, Newark, New Jersey, USA, pp 13–22
44. Schneider J (1997) Cross validation. http://www.cs.cmu.edu/~schneide/tut5/node42.html. Accessed July 2013
45. Security P (2011) Rootkits: almost invisible malware. http://www.pandasecurity.com/homeusers/security-info/types-malware/rootkit/. Accessed July 2013
46. Seo S-H, Gupta A, Mohamed Sallam A, Bertino E, Yim K (2013) Detecting mobile malware threats to homeland security through static analysis. J Netw Comput Appl doi:10.1016/j.jnca.2013.05.008. Online. http://www.sciencedirect.com/science/article. Accessed Oct 2013
47. Shabtai A, Kanonov U, Elovici Y, Glezer C, Weiss Y (2012) Andromaly: a behavioral malware detection framework for android devices. J Intell Inf Syst 38(1):161–190
48. Shabtai A, Tenenboim-Chekina L, Mimran D, Rokach L, Shapira B, Elovici Y (2014) Mobile malware detection through analysis of deviations in application network behavior. Comput Secur 43:1–18
49. Shamshirband S, Anuar NB, Kiah MLM, Patel A (2013) An appraisal and design of a multi-agent system based cooperative wireless intrusion detection computational intelligence technique. Eng Appl Artif Intell 26(9):2105–2127
50. Shamshirband S, Anuar NB, Kiah MLM, Rohani VA, Petković D, Misra S, Khan AN (2014) Co-FAIS: cooperative fuzzy artificial immune system for detecting intrusion in wireless sensor networks. J Netw Comput Appl 42:102–117
51. Shamshirband S, Patel A, Anuar NB, Kiah MLM, Abraham A (2014) Cooperative game theoretic approach using fuzzy Q-learning for detecting and preventing intrusions in wireless sensor networks. Eng Appl Artif Intell 32:228–241
52. SlideME (2013) SlideME | android apps market: download free & paid android application. http://slideme.org/. Accessed 1st Oct 2013
53. Sohr K, Mustafa T, Nowak A (2011) Software security aspects of Java-based mobile phones. In: Proceedings of the 2011 ACM symposium on applied computing, Taichung, Taiwan, pp 1494–1501
54. Spackman KA (1989) Signal detection theory: valuable tools for evaluating inductive learning. In: Proceedings of the 6th international workshop on machine learning, Ithaca, New York, USA, pp 160–163
55. Su X, Chuah M, Tan G (2012) Smartphone dual defense protection framework: detecting malicious applications in android markets. In: Proceedings of the mobile ad-hoc and sensor networks (MSN), 2012 eighth international conference on, Chengdu, China, pp 153–160
56. Survey G (2013) Our mobile planet: global smartphone user. http://services.google.com/fh/files/blogs/final_global_smartphone_user_study_2012.pdf. Accessed June 2013
57. Symantec (2013) Android ransomware predictions hold true. http://www.symantec.com/connect/blogs/android-ransomware-predictions-hold-true. Accessed 1st Sept 2013
58. Teufl P, Ferk M, Fitzek A, Hein D, Kraxberger S, Orthacker C (2013) Malware detection by applying knowledge discovery processes to application metadata on the Android Market (Google Play). In: Security and communication networks. doi:10.1002/sec.675 [Online]. http://dx.doi.org/10.1002/sec.675. Accessed 1st April 2014
59. Tin Kam H (1998) The random subspace method for constructing decision forests. IEEE Trans Pattern Anal Mach Intell 20(8):832–844
60. tPacketCapturePro (2013) tPacketCapture-Capture Communication Packets. http://www.taosoftware.co.jp/en/android/packetcapture/. Accessed April 2013
61. tshark (2013) tshark-the wireshark network analyzer. http://www.wireshark.org/docs/man-pages/tshark.html. Accessed Feb 2013
62. Verwoerd T, Hunt R (2002) Intrusion detection techniques and approaches. Comput Commun 25(15):1356–1365
63. Yajin Z, Xuxian J (2012) Dissecting android malware: characterization and evolution. In: Proceedings of the 2012 IEEE symposium on security and privacy (SP), San Fransico, USA, pp 95–109
64. Yerima SY, Sezer S, McWilliams G, Muttik I (2013) A new android malware detection approach using bayesian classification. In: Proceedings of the 2013 IEEE 27th international conference on advanced information networking and applications (AINA), Barcelona, Spain, pp 121–128
65. Zhao M, Zhang T, Ge F, Yuan Z (2012) RobotDroid: a lightweight malware detection framework on smartphones. J Netw 7(4):715–722
66. Zheng M, Sun M, Lui J (2013) DroidAnalytics: a signature based analytic system to collect, extract, analyze and associate android malware. http://arxiv.org/abs/1302.7212. Accessed 1st Oct 2013