A system call-based android malware detection approach with homogeneous & heterogeneous ensemble machine learning
Published in: | Computers & security 2023-07, Vol.130, p.103277, Article 103277 |
---|---|
Main Authors: | , , |
Format: | Article |
Language: | English |
Summary: | The enormous popularity of Android in the smartphone market has gained the attention of malicious actors as well. Also, considering its open system architecture, malicious attacks don’t seem to wane anytime soon. Cybercriminals use deceptive attack strategies like obfuscation or dynamic code loading to evade the system. A conventional static analysis approach fails to identify such attacks. Mitigating a wide range of evasive attacks requires excogitating a savvy dynamic analysis framework. This paper proposes a precise dynamic analysis approach to identify a slew of malicious attacks. The proposed method focuses on behavioral analysis of malware, which requires reconstructing the behavior of Android malware. The dynamic behavior features used include system calls, binders, and complex Android objects (composite behavior). For efficient malware detection and classification, a feature selection method is used to remove extraneous features. For classification, we use homogeneous and heterogeneous ensemble machine learning algorithms. The stacking approach has the best classification results with an accuracy rate of 98.08%. The rigorous experimental results show the effectiveness and superiority of the model. |
---|---|
ISSN: | 0167-4048, 1872-6208 |
DOI: | 10.1016/j.cose.2023.103277 |