Enhancement Of Static Code Analysis Malware Detection Framework For Android Category-Based Application

Android has been the number one mobile operating system in terms of worldwide market share since May 2012. High demand and its open-source nature have made the Android operating system a main target of malware creators. Two approaches introduced to detect malware in Android mobile environme...

Bibliographic Details
Main Author: Aminordin, Azmi
Format: Thesis
Language: English
Published: 2021
Subjects:
Online Access: http://eprints.utem.edu.my/id/eprint/25387/1/Enhancement%20Of%20Static%20Code%20Analysis%20Malware%20Detection%20Framework%20For%20Android%20Category-Based%20Application.pdf
http://eprints.utem.edu.my/id/eprint/25387/2/Enhancement%20Of%20Static%20Code%20Analysis%20Malware%20Detection%20Framework%20For%20Android%20Category-Based%20Application.pdf
http://eprints.utem.edu.my/id/eprint/25387/
https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=119743
Institution: Universiti Teknikal Malaysia Melaka
id my.utem.eprints.25387
record_format eprints
spelling my.utem.eprints.25387 2021-11-17T08:46:04Z Thesis NonPeerReviewed text en
Aminordin, Azmi (2021) Enhancement Of Static Code Analysis Malware Detection Framework For Android Category-Based Application. Doctoral thesis, Universiti Teknikal Malaysia Melaka.
institution Universiti Teknikal Malaysia Melaka
building UTEM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Teknikal Malaysia Melaka
content_source UTEM Institutional Repository
url_provider http://eprints.utem.edu.my/
language English
topic T Technology (General)
TK Electrical engineering. Electronics Nuclear engineering
description Android has been the number one mobile operating system in terms of worldwide market share since May 2012. High demand and its open-source nature have made the Android operating system a main target of malware creators. Two approaches have been introduced to detect malware in the Android mobile environment, namely static analysis and dynamic analysis. Static analysis is where the static features are examined. The main issues identified in the static analysis approach are that too many features are used, that feature extraction is time-consuming, and the reliability of the accuracy results produced by various machine learning algorithms. As such, this thesis investigates the whole Android static analysis framework for detecting and classifying mobile malware. The early study found that two frequently used static features (permissions and API calls), with the right mapping, are sufficient to analyse Android malware. A new mapping of permission(s) to API call(s) for Android level 16 to 24 is constructed based on the official Android developer guideline references, whereas previously these two features were mapped without using the standard guideline. For experimenting with and analysing the framework, 4767 benign applications from 10 different categories were collected from the official Android marketplace and 3443 malware applications were collected from the AndroZoo dataset. All benign files were then scanned through VirusTotal to ensure that all collected files are free from viruses. To extract the desired features, a new automated feature extraction using Depth First Search (DFS) with sequential search is introduced; it succeeds in extracting the targeted features with no limitation on application file size or on the number of files. To enable machine learning to train faster and to reduce the complexity of the machine learning model, information gain feature selection is applied to the extracted features.
Four types of machine learning algorithm were tested separately with four different dataset splitting techniques. The results show that malware detection within an application category achieves higher accuracy than non-category-based detection. To increase reliability, the results obtained are then validated using a statistical analysis procedure in which each machine learning classification algorithm is iterated 50 times. The validation results show that Random Forest with 10-fold cross-validation dataset splitting achieved 8 highest performance compared to the benchmark study and two other classifiers. This study suggests work that combines the optimization of feature selection and algorithm parameters to achieve higher accuracy and a more reliable comparison.
format Thesis
author Aminordin, Azmi
title Enhancement Of Static Code Analysis Malware Detection Framework For Android Category-Based Application
publishDate 2021