BENCHMARKING MACHINE LEARNING ALGORITHMS FOR ANDROID MALWARE DETECTION

• Main Authors: Somayyeh Fallah, Amir Jalaly Bidgoly
• Format: Article
• Language: English
• Published: Scientific Research Support Fund of Jordan (SRSF) and Princess Sumaya University for Technology (PSUT) 2019-12-01
• Series: Jordanian Journal of Computers and Information Technology
• Subjects: android malware; malware detection; network traffic; machine learning
• Online Access: http://jjcit.org/Volume%2005,%20Number%2003/5-DOI%2010.5455-jjcit.71-1558862640.pdf

Nowadays, smartphones have captured a significant part of human life and has led to an increasing number of users involved with this technology. The rising number of users has encouraged hackers to generate malicious applications. Identifying these malwares is critical for preserving the security and privacy of users. The recent trend of cyber security shows that threats can be effectively identified using network-based detection techniques and machine learning methods. In this paper, several well-known methods of machine learning were investigated for smartphone malware detection using network traffic. A wide range of malware families are used in the investigations, including Adware, Ransomware, Scareware and SMS Malware. Also, the most used and famous supervised and unsupervised machine learning methods are considered. This article benchmarked the methods from different points of view, such as the required features count, the recorded traffic volume, the ability of malware family identification and the ability of a new malware family detection. The results showed that using these methods with appropriate features and traffic volume would achieve the F1-measure of malware detection by a percentage of about 90%. However, these methods did not show acceptable results in detecting malicious as well as new families of malware. The paper also explained some of the challenges and potential research problems in this context which can be used by researchers interested in this field