Enhancement Of Static Code Analysis Malware Detection Framework For Android Category-Based Application

Bibliographic Details
Main Author: Aminordin, Azmi
Format: Thesis
Language: English
Published: 2021
Online Access: http://eprints.utem.edu.my/id/eprint/25387/1/Enhancement%20Of%20Static%20Code%20Analysis%20Malware%20Detection%20Framework%20For%20Android%20Category-Based%20Application.pdf
http://eprints.utem.edu.my/id/eprint/25387/2/Enhancement%20Of%20Static%20Code%20Analysis%20Malware%20Detection%20Framework%20For%20Android%20Category-Based%20Application.pdf
http://eprints.utem.edu.my/id/eprint/25387/
https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=119743
Description
Summary: Android has been the number one mobile operating system in terms of worldwide market share since May 2012. High demand and its open-source nature have made the Android operating system a main target of malware creators. Two approaches have been introduced to detect malware in the Android mobile environment, namely static analysis and dynamic analysis. Static analysis is where the static features are examined. The main issues identified in the static analysis approach are that too many features are used, that feature extraction is time consuming, and the reliability of the accuracy results produced by various machine learning algorithms. As such, this thesis investigates the whole Android static analysis framework for detecting and classifying mobile malware. The early study found that two frequently used static features (permissions and API calls), with the right mapping, are sufficient to analyse Android malware. A new permission-to-API-call mapping for Android level 16 to 24 is constructed from the official Android developer guideline references, whereas previously these two features were mapped without using the standard guideline. To experiment with and analyse the framework, 4767 benign applications from 10 different categories were collected from the official Android marketplace and 3443 malware applications were collected from the AndroZoo dataset. All benign files were then scanned through VirusTotal to ensure that all collected files are free from viruses. To extract the desired features, a new automated feature extraction using Depth First Search (DFS) with sequential search is introduced; it succeeded in extracting the targeted features with no limitation on application file size or on the number of files. To enable machine learning to train faster and to reduce the complexity of the machine learning model, information gain feature selection is applied to the extracted features.
Four types of machine learning algorithm were tested separately with four different kinds of dataset splitting techniques. The results show that malware detection within an application category achieves higher accuracy than detection on non-category-based applications. To increase reliability, the results obtained are then validated using a statistical analysis procedure in which each machine learning classification algorithm is iterated 50 times. The validation results show that Random Forest with 10-fold cross-validation dataset splitting achieved 8 highest performance compared to the benchmark study and two other classifiers. This study suggests future work combining the optimization of feature selection and algorithm parameters to achieve higher accuracy and a more reliable comparison.