In recent years the number and sophistication of Android malware have increased dramatically. A prototype framework is proposed that classifies Android malware by static analysis using two feature sets: the permissions declared in AndroidManifest.xml and the Android classes used in the classes.dex file. The extracted features were then used to train a variety of machine learning algorithms, including Random Forest, SGD, SVM and neural networks. Each machine learning algorithm was subsequently optimised using optimisation algorithms, including bio-inspired ones such as Particle Swarm Optimisation, Artificial Bee Colony (ABC) optimisation, Firefly optimisation and a Genetic algorithm. The prototype framework was tested and evaluated using three datasets. It achieved a good accuracy of 95.7 percent using SVM with ABC optimisation on the CICAndMal2019 dataset, 94.9 percent accuracy (with an F1-score of 96.7 percent) using a neural network on the KuafuDet dataset, and 99.6 percent accuracy using an SGD classifier on the Andro-Dump dataset. The accuracy could be further improved through better feature selection.
|Title of host publication|IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)|
|Publication status|Published - 9 Feb 2021|
|Event|19th International Conference on Trust, Security and Privacy in Computing and Communications - Guangzhou, China (Duration: 29 Dec 2020 → 1 Jan 2021)|
|Conference|19th International Conference on Trust, Security and Privacy in Computing and Communications|
|Period|29/12/20 → 1/01/21|