K-NEAREST NEIGHBOUR CLASSIFIER USAGE FOR PERMISSION BASED MALWARE DETECTION IN ANDROID

Авторы

  • Recep Sinan ARSLAN Bozok University
  • Ahmet Haşim Yurttakal

DOI:

https://doi.org/10.46291/ICONTECHvol4iss2pp15-27

Ключевые слова:

Malware Detection, Classification, Machine Learning, Android, KNN

Аннотация

ABSTRACT

Android application platform is making rapid progress in these days. This development has made it the target of malicious application developers. This situation provides a numerical increase in malware apps, diversity in techniques, and rise of damage. Therefore, it is very critical to detect these software and escalation the security of mobile users. Static and dynamic analysis, behaviour scrutiny, machine learning methods are used to ensure security. In this study, K-nearest Neighbourhood (KNN) classifier, one of the machine learning methods, is used. Thus, it is aimed to detect malignant mobile software successfully and quickly. The tests is conducted with dataset includes 492 malware and 697 benign applications. In the proposed algorithm, neighbour number 5 and distance metric is preferred as Minkowski. 80% of dataset randomly selected is reserved for training and 20% for testing. As a result, while 94.1% accuracy is achieved, precision 91.2%, recall 92.7% recall and f1-measure is 92.4%. The high value obtained in f1-measure shows that the proposed model is successful in detecting both malware and benevolent software. The success of using KNN algorithm in classification of malicious apps in the Android has been demonstrated.

Библиографические ссылки

Rahim Taheri, Meysam Ghahramani, Reza Javidan, Mohammad Shojafar, Zahra Pooranian, Mauro Conti, Similarity-based Android malware detection using Hamming distance of static binary features, Future Generation Computer Systems, Volume 105, 2020, pp. 230-247.

Y. Zhou, X. Jiang, “Dissecting android malware: characterization and evalution”, 2012 IEEE Symposium on Security and Privacy (SP), (2012), pp. 95-109.

Manel Jerbi, Zaineb Chelly Dagdia, Slim Bechikh, Lamjed Ben Said, “On the use of artificial malicious patterns for android malware detection”, Computer and Security, (2020), 92, 1-22.

C. Willems, T. Holz and F. Freiling, “Toward automated dynamic malware analysis using cwsandbox”, IEEE Secur. Privacy, 5 (2), (2007)

K. Rieck, T. Holz, C. Willems, P. Düssel and P. Laskov,” Learning and classification of malware behavior” , International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Springer (2008), pp. 108-125.

H. Cai, N. Meng, B. Ryder, D. Yao, Droidcat: Effective android malware detection and categorization via app-level profiling, IEEE Trans. Inf. Forensics Secur. 14 (6) (2019) 1455–1470.

Fei Tong, Zheng Yan, “A hybrid approach for mobile malware detection in Android”, Journal of Parallel Distributed Computing”, (2016), 103, 22-31.

Shamsul Huda, Jemal Abawajy, Mamoun Alazab, Mali Abdolalihian, Refiqul Islam, John Yearwood, “Hybrids of Suppor vector machine wrapper and filter based framework for malware detection”, Future Generation Computer Systems, (2016), 55, 376-390.

Sitalaskhmi Venkatraman, Mamoun Alazab, R. Vinayakumar, “A hybrid deep learning image-based analysis for effective malware detection”, Journal of Information Security and Applications, (2019), 47, 377-389.

Daniel Gilbert, Carles Mateu, Jordi Planes, “The rise of machine learning for detection and classification of malware: Research development, trends, and challenges”, Journal of Network and Computer Applications, 153, (2020), 1-22.

Sen Chen, Minhui Xue, Lingling Fan, Shuang Hao, Lihua Xu, Haojiin Zhu, Bo Li, “ Automated poisoning attacks and defenses in malware detection systems: An adversarial machine learning approach, Computer & Security, (2018), 73, 326-344.

Steve Mansfield-Devine, “Android malware and mitigations”, Network Security, (2012), 11, 12-20.

Mark Guido et al. “Automated idenfitication of installed malicious Android applications”, Digital investigation, (2013), 10, 96-104.

Recep Sinan ARSLAN, İbrahim Alper Doğru, Necaattin Barışçı, “Permission-based malware detection system for Android using machine learning techniques”, International Journal of Software Engineering and Knowledge Engineering, (2019), 29(1), 43-61.

Muhammad Amin et al. “ Static malware detection and attribution in android byte-code through an end to end deep system”, Future Generation Computer Systems, (2020), 112-126.

Guruswamy Nellaivadivelu, Fabio Di Troia, Mark Stamp, “Black box analysis of android malware detectors”, Array, (2020), 6, 1-9.

Muzzamil Noor, Haider Abbas, Waleed Bin Shahid, “Countering cyber threats for industrial applications: An automated approach for malware evasion detection and analysis”, Journal of Network and Computer Applications” (2018), 103, 249-261.

Shanshan Wang et al. “ A mobile malware detection method using behaviour features in network traffic”, Journal of Network and Computer Applications”, (2019), 133, 15-25.

Elmouatez Billah Karbab, Mourad Debbabi, “MalDy: Portable, data-driven malware detection using natural language processing and machine learning techniques on behavioral analysis reports”, Digital Investigation, (2019), 28, 77-87.

Moutaz Alazab et al. “Intelligent mobile malware detection using permission requests and API calls”, Future Generation Computer Systems, (2020), 107, 509-521.

Domhnill Carlin, Philip O’Kane, Sakir Sezer, “A cost analysis of machine learning using dynamic runtime opcodes for malware detection, Computers & Security, (2019), 85, 138-155.

Zhenxiang Chen et al. “Machine learning based mobile malware detection using highly imbalanced netwok traffic”, Information Sciences, (2018),433, 346-364.

Şerif Bahtiyar, Mehmet Barış Yaman, Can Yılmaz Altıniğne, “A multi-dimansional machine learning approach to predict advanced malware”, Computer networks, (2019=, 160, 118-129.

Cover, Thomas M., Hart, Peter E. (1967). "Nearest neighbor pattern classification”, IEEE Transactions on Information Theory. 13(1), 21–27.

Recep Sinan Arslan, İbrahim Alper Doğru, Necaattin Barışçı, “Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti”, Politeknik Dergisi, (2017), 20(1), 175-189.

Karakuş A. T., Doğru İ.A., Çetin A., “APK Auditor: Permission-based Android Malware Detection System”, Digital Investigation, Vol. 13 (1), pp. 1–14, 2015.

Utku A., Doğru İ.A., “Permission Based Detection System for Android Malicious Software”, J. Fac. Eng. Arch. Gazi Univ., Vol. 32 (4), pp. 1015-1024, 2017.

https://www.virustotal.com/gui/home

Udayakumar N, Subbulakshmi.T, Ayush Mishra, Shivang Mishra and Puneet Jain, “Malware Category Prediction using Knn and Svm Classifiers”, International Journal of Mechanical Engineering and Technology (IJMET) Volume 10, Issue 02, February 2019, pp. 787-797

Michal Kedziora, Paulina Gawin, Michal Szczepanik and Ireneusz Jozwiak, “Malware detection using machine learning algorithms and reverse engineering of Android Java Code”, International Journal of Network Security & Its Applications (IJNSA), (2019), 11, 1-14.

Michał Jacek Kruczkowski, Ewa Niewiadomska-Szynkiewicz, “Comparative study of supervised learning methods for malware analysis”, Journal of Telecommunications and Information Technology, (2014), 4, 1-11.

G. Baldini and D. Geneiatakis, "A Performance Evaluation on Distance Measures in KNN for Mobile Malware Detection," 2019 6th International Conference on Control, Decision and Information Technologies (CoDIT), Paris, France, 2019, pp. 193-198

Mansour Ahmadi, Ashkan Sami, Hossein Rahimi, Babak Yadegari, “Malware detection by behavioural sequential patterns”, Computer Fraud and Security, (2013), 8, 11-19.

Опубликован

2020-09-16

Как цитировать

ARSLAN, R. S., & Yurttakal, A. H. (2020). K-NEAREST NEIGHBOUR CLASSIFIER USAGE FOR PERMISSION BASED MALWARE DETECTION IN ANDROID. ICONTECH INTERNATIONAL JOURNAL, 4(2), 15–27. https://doi.org/10.46291/ICONTECHvol4iss2pp15-27

Выпуск

Раздел

Articles