TY - JOUR
T1 - Detecting Android Malware by Mining Enhanced System Call Graphs
AU - Yunmar, Rajif Agung
AU - Kusumawardani, Sri Suning
AU - Widyawan, Widyawan
AU - Mohsen, Fadi
N1 - Publisher Copyright:
© 2024, Modern Education and Computer Science Press. All rights reserved.
PY - 2024/4/1
Y1 - 2024/4/1
N2 - The persistent threat of malicious applications targeting Android devices has been growing in numbers and severity. Numerous techniques have been utilized to defend against this threat, including heuristic-based ones, which are able to detect unknown malware. Among the many features that this technique uses are system calls. Researchers have used several representation methods to capture system calls, such as histograms. However, some information may be lost if the system calls as a feature is only represented as a 1-dimensional vector. Graphs can represent the interaction of different system calls in an unusual or suspicious way, which can indicate malicious behavior. This study uses machine learning algorithms to recognize malicious behavior represented in a graph. The system call graph was fed into machine learning algorithms such as AdaBoost, Decision Table, Naïve Bayes, Random Forest, IBk, J48, and Logistic regression. We further employ a series feature selection method to improve detection accuracy and eliminate computational complexity. Our experiment results show that the proposed method has reduced feature dimension to 91.95% and provides 95.32% detection accuracy.
AB - The persistent threat of malicious applications targeting Android devices has been growing in numbers and severity. Numerous techniques have been utilized to defend against this threat, including heuristic-based ones, which are able to detect unknown malware. Among the many features that this technique uses are system calls. Researchers have used several representation methods to capture system calls, such as histograms. However, some information may be lost if the system calls as a feature is only represented as a 1-dimensional vector. Graphs can represent the interaction of different system calls in an unusual or suspicious way, which can indicate malicious behavior. This study uses machine learning algorithms to recognize malicious behavior represented in a graph. The system call graph was fed into machine learning algorithms such as AdaBoost, Decision Table, Naïve Bayes, Random Forest, IBk, J48, and Logistic regression. We further employ a series feature selection method to improve detection accuracy and eliminate computational complexity. Our experiment results show that the proposed method has reduced feature dimension to 91.95% and provides 95.32% detection accuracy.
KW - Android
KW - Graph
KW - Heuristic-based Detection
KW - Machine Learning
KW - Malware
KW - System Call
UR - http://www.scopus.com/inward/record.url?scp=85188538730&partnerID=8YFLogxK
U2 - 10.5815/ijcnis.2024.02.03
DO - 10.5815/ijcnis.2024.02.03
M3 - Article
AN - SCOPUS:85188538730
SN - 2074-9090
VL - 16
SP - 28
EP - 41
JO - International Journal of Computer Network and Information Security
JF - International Journal of Computer Network and Information Security
IS - 2
ER -