ABSTRACT
Mobile malware has become the centerpiece of most security and privacy threats on the Internet. Given the openness of the Android market in particular, many malicious apps hide among a large number of applications, which makes malware detection more challenging. In this study, eXtreme Gradient Boosting (XGBoost) is used to build an Android malware detection and classification framework. The framework uses APK permission categories extracted from Android applications. A comparison of modeling results demonstrates that XGBoost is especially suitable for Android malware classification and can achieve an F1-score of 74.40% on real-world Android application sets.
Index Terms
- Android malware classification based on permission categories using extreme gradient boosting