Feature Engineering based on Hybrid Features for Malware Detection over Android Framework
Abstract
Android is the operating system of this modern world. Today, tech-savvy people across the world give first preference to Android devices for their personal and official use. Because of the growing use of Android devices, attackers are turning their attention toward Android applications. This alarming increase in Android malware attacks creates a need for a defence mechanism against such attacks that is both fruitful and cost-effective. State-of-the-art malware detection techniques perform static, dynamic or hybrid analysis. Static analysis involves examining the source code of malware samples without executing them, whereas dynamic analysis monitors the run-time behaviour of an application during its actual execution. Static analysis is a straightforward way to analyze malware samples on the Android platform. In this research, we perform hybrid analysis using four different categories of Android application features such as permissions, intents, and network features. We extract permissions and intents from the manifest file, while network-based features are extracted from Java files. Our results show that the greatest precision of 0.99 can be achieved by performing feature selection using the Info Gain method. Through feature selection and the results achieved with the selected features, we find that permissions are the most relevant features among all other three feature categories. We have observed that the Ensemble method performs best among all four machine learning classifiers. We have seen that network features (IP addresses, email addresses, URLs) are relevant and effective features for malware detection in the proposed framework.
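The feature pipeline described in the abstract, as an added example that is not the authors' code: permissions and intent actions are read from a manifest, network indicators from Java source, and the resulting features are ranked by information gain. It assumes the manifest is already decoded to text XML and that network features are recorded as presence flags; all function names and the four labelled samples are constructed for illustration.

```python
import math
import re
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
NET = {  # network feature kinds named in the abstract
    "url": re.compile(r"https?://[^\s\"']+"),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}

def extract_features(manifest_xml, java_source):
    """Hybrid feature set for one app: decoded manifest XML plus Java source text."""
    root = ET.fromstring(manifest_xml)
    feats = {"perm:" + n.get(ANDROID + "name", "") for n in root.iter("uses-permission")}
    feats |= {"intent:" + n.get(ANDROID + "name", "") for n in root.iter("action")}
    # Assumption: record the presence of each indicator kind, not the raw value.
    feats |= {"net:" + kind for kind, rx in NET.items() if rx.search(java_source)}
    return feats

def entropy(labels):
    probs = [labels.count(v) / len(labels) for v in set(labels)]
    return -sum(p * math.log2(p) for p in probs)

def info_gain(feature, samples):
    """IG = H(label) - H(label | feature present/absent); samples are (feats, label)."""
    labels = [y for _, y in samples]
    split = [[y for f, y in samples if (feature in f) == present] for present in (True, False)]
    cond = sum(len(part) * entropy(part) for part in split) / len(labels)
    return entropy(labels) - cond

def rank_features(samples):
    names = set().union(*(f for f, _ in samples))
    return sorted(((info_gain(n, samples), n) for n in names), key=lambda t: (-t[0], t[1]))

def manifest(perms, actions):
    """Build a constructed, already-decoded AndroidManifest.xml for the demo."""
    p = "".join(f'<uses-permission android:name="android.permission.{x}"/>' for x in perms)
    a = "".join(f'<action android:name="android.intent.action.{x}"/>' for x in actions)
    return (f'<manifest xmlns:android="{ANDROID[1:-1]}">{p}<application><receiver>'
            f"<intent-filter>{a}</intent-filter></receiver></application></manifest>")

# Constructed samples (label 1 = malware, 0 = benign); addresses are documentation ranges.
SAMPLES = [(extract_features(manifest(p, a), src), y) for p, a, src, y in [
    (["SEND_SMS", "INTERNET"], ["BOOT_COMPLETED"], 'post("http://203.0.113.7/gate");', 1),
    (["SEND_SMS", "INTERNET"], ["BOOT_COMPLETED"], 'connect("198.51.100.9", 443);', 1),
    (["INTERNET"], ["MAIN"], 'get("https://example.com/api");', 0),
    (["CAMERA"], ["MAIN"], 'mailTo("support@example.com");', 0),
]]
if __name__ == "__main__":
    for gain, name in rank_features(SAMPLES):
        print(f"{gain:.3f}  {name}")
```

On this toy set a feature held by every sample of one class and none of the other scores 1.0, while one split evenly across both classes scores 0.0; a selection step keeps the top-ranked features before training the classifiers.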
Licensing
TURCOMAT publishes articles under the Creative Commons Attribution 4.0 International License (CC BY 4.0). This licensing allows for any use of the work, provided the original author(s) and source are credited, thereby facilitating the free exchange and use of research for the advancement of knowledge.
Detailed Licensing Terms
Attribution (BY): Users must give appropriate credit, provide a link to the license, and indicate if changes were made. Users may do so in any reasonable manner, but not in any way that suggests the licensor endorses them or their use.
No Additional Restrictions: Users may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.