Supervised Learning Methods Comparison for Android Malware Detection Based on System Calls Referring to ARM (32-bit/EABI) Table
Abstract
Android malware detection is a research topic that is still being developed. Of the detection techniques developed so far, dynamic analysis methods are of particular interest because they trace the system calls of the suspect application. Based on those system calls, and by utilizing machine learning, the suspect application can be classified as malware or benign. Comparing machine learning methods is important for determining which method best supports malware detection. This article aims to explain clearly and simply, step by step, how to conduct Android malware detection based on system calls using classification. Furthermore, it presents the conversion of system call sequences with reference to the ARM (32-bit/EABI) table, which has 398 system calls (0-397) as features. It provides a comparison of several supervised machine learning methods for classifying Android applications. This initial research is part of other research whose purpose is to develop a malware detection system based on an Android application. This research can be used to develop the best machine learning to classify malware applications using a Support Vector Machine (SVM), Decision Tree (DT), K-Nearest Neighbour (KNN), and Naive Bayes (NB). The results show that the KNN method has the lowest performance in detecting Android malware apps, with an accuracy of only 0.50. In comparison, the NB method has an accuracy of only 0.69. SVM and DT models have similar accuracy and recall results of 0.79 and 0.75, respectively, but DT obtained higher precision and scores of 0.83 and 0.76, respectively. Although the classification performance of DT is better than that of SVM in this study, based on comparison with the results of previous research, SVM is a suitable method for Android malware detection based on system calls. This is shown by the research comparisons, in which the SVM method is always the method with the highest accuracy score among the other methods.
In future research, the SVM method can be used to develop a malware detection system for Android applications.
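The conversion step the abstract describes, as an added example that is not the authors' code: strace-style trace lines are mapped to ARM (32-bit/EABI) syscall numbers and then to a 398-element feature vector. The count-based encoding, the trace format, the function names and the table excerpt are assumptions; the abstract does not specify them.

```python
import re
from collections import Counter

N_SYSCALLS = 398  # feature indices 0-397, as stated in the abstract

# Excerpt of the ARM (32-bit/EABI) table; a real pipeline loads all 398 entries.
ARM_EABI = {
    "read": 3, "write": 4, "open": 5, "close": 6, "execve": 11, "ioctl": 54,
    "mprotect": 125, "mmap2": 192, "futex": 240, "epoll_wait": 252,
    "clock_gettime": 263, "connect": 283, "sendto": 290, "openat": 322,
}

# Optional "[pid N]" or bare pid prefix, then "name(" opening a call.
CALL_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?([a-z_][a-z0-9_]*)\(")

def trace_to_sequence(lines):
    """Return (syscall numbers in call order, Counter of names not in the table)."""
    seq, unknown = [], Counter()
    for line in lines:
        m = CALL_RE.match(line.strip())
        if not m:
            continue  # "<... x resumed>" and "--- SIG ---" lines are not new calls
        name = m.group(1)
        if name in ARM_EABI:
            seq.append(ARM_EABI[name])
        else:
            unknown[name] += 1  # surface table gaps instead of dropping silently
    return seq, unknown

def sequence_to_features(seq):
    vec = [0] * N_SYSCALLS
    for nr in seq:
        vec[nr] += 1  # assumed encoding: per-syscall call count
    return vec

# Constructed strace-style sample, not data from the study.
SAMPLE_TRACE = """\
[pid 4121] openat(AT_FDCWD, "/data/app/base.apk", O_RDONLY) = 31
[pid 4121] read(31, "PK\\3\\4"..., 4096) = 4096
[pid 4121] futex(0xb4a1c0, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 4130] connect(40, {sa_family=AF_INET, ...}, 16) = 0
[pid 4121] <... futex resumed>) = 0
[pid 4130] sendto(40, "..."..., 128, 0, NULL, 0) = 128
[pid 4130] made_up_call(1) = 0
[pid 4121] read(31, ""..., 4096) = 0
--- SIGCHLD {si_signo=SIGCHLD} ---
[pid 4121] close(31) = 0
""".splitlines()
```

The resulting vectors, one per traced application and labelled malware or benign, are the rows a classifier such as SVM, DT, KNN or NB would be trained on.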
Copyright (c) 2024 The Author(s)

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Copyright Notice based on COPE (Committee on Publication Ethics) for JITCS: Journal of Information Technology and Cyber Security
Ownership and Copyright:
- JITCS: Journal of Information Technology and Cyber Security respects the intellectual property rights of authors. The copyright for individual articles published in JITCS is retained by the respective authors, unless otherwise specified.
- The articles published in JITCS are licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (CC BY-NC-ND 4.0), which permits use and distribution in any medium, provided the original work is properly cited, the use is non-commercial, and no modifications or adaptations are made.
- JITCS serves as the initial publisher of the articles, providing them with the first publication platform.