Supervised Learning Methods Comparison for Android Malware Detection Based on System Calls Referring to ARM (32-bit/EABI) Table

Authors

DOI:

https://doi.org/10.30996/jitcs.10511

Keywords:

Android, Decision Tree, Machine Learning, Malware Detection, Supervised Learning, Naive Bayes

Abstract

Android malware detection research is a topic that is still being developed. From all the detection techniques developed, dynamic analysis methods have become interesting because they trace the suspect application system calls. Based on the system calls, by utilizing machine learning, the suspect application can be classified as malware or benign. Comparing the machine learning methods is im-portant to determine what method is best to support malware detection. This article aims to explain more clearly and simply the way to conduct Android malware detection based on system calls step by step using classification. Furthermore, it presents the system calls sequence conversion referring to the arm(32-bit/EABI) table, which has 398 system calls (0-397) as features. It will provide a compari-son of several supervised machine-learning methods for classifying Android applications. This initial research is part of the other research that has the purpose of developing a malware detection system based on an Android application. This research can be used to develop the best machine learning to classify malware applications using a Support Vector Machine (SVM), Decision Tree (DT), K-Nearest Neighbour (KNN), and Naive Bayes (NB). The result can be concluded that the KNN method has the lowest performance in detecting Android malware apps, with an accuracy of only 0.50. In comparison, the NB method has an accuracy of only 0,69. SVM and DT models have similar accuracy and recall results of 0.79 and 0.75, respectively, but DT obtained higher precision and scores of 0.83 and 0.76, respectively. Although in this study, the classification performance of DT is better than SVM, based on comparison with the results of previous research, SVM is a suitable method for Android malware de-tection based on system calls. It is proven by the results of research comparisons that the SVM method is always the method with the highest accuracy score among other methods. For the next research, the SVM method can be used to develop a malware detection system for Android applications.

Downloads

Download data is not yet available.

Author Biographies

Rinanza Zulmy Alhamri, Politeknik Negeri Malang

Department of Information Technology

Toga Aldila Cinderatama, Politeknik Negeri Malang

Department of Information Technology

Kunti Eliyen, Politeknik Negeri Malang

Department of Information Technology

Abidatul Izzah, Politeknik Negeri Malang

Department of Information Technology

Downloads

Published

2024-06-20

How to Cite

Alhamri, R. Z., Cinderatama, T. A., Eliyen, K., & Izzah, A. (2024). Supervised Learning Methods Comparison for Android Malware Detection Based on System Calls Referring to ARM (32-bit/EABI) Table. Journal of Information Technology and Cyber Security, 2(1), 15–24. https://doi.org/10.30996/jitcs.10511

Issue

Vol. 2 No. 1 (2024): January

Section

Research Article

License

 

Copyright Notice based on COPE (Committee on Publication Ethics) for JITCS: Journal of Information Technology and Cyber Security

  1. Ownership and Copyright:

    1. JITCS: Journal of Information Technology and Cyber Security respects the intellectual property rights of authors. The copyright for individual articles published in JITCS is retained by the respective authors, unless otherwise specified.
    2. The articles published in JITCS are licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (CC BY-NC-ND 4.0), which permits use and distribution in any medium, provided the original work is properly cited, the use is non-commercial, and no modifications or adaptations are made.
    3. JITCS serves as the initial publisher of the articles, providing them with the first publication platform.

  2. Permissions and Usage:

    1. Distribution for Non-Commercial Purposes: Permitted: Users are allowed to distribute the article for non-commercial purposes, provided the original work is properly cited and no modifications or adaptations are made.
    2. Distribution for Commercial Purposes: Not Permitted: The article may not be distributed for any commercial purposes without obtaining prior written permission from the author(s).
    3. Inclusion in a Collective Work (e.g., Anthology) for Non-Commercial Purposes: Permitted: Users are allowed to include the article in a collective work, such as an anthology, as long as the use is non-commercial and the work remains unchanged.
    4. Inclusion in a Collective Work for Commercial Purposes: Not Permitted: The article may not be included in any collective work or anthology intended for commercial purposes without prior permission from the author(s).
    5. Creation and Distribution of Revised Versions, Adaptations, or Derivative Works (e.g., Translation) for Non-Commercial Purposes: Not Permitted: Users may not create or distribute revised versions, adaptations, or derivative works, including translations, for non-commercial purposes.
    6. Creation and Distribution of Revised Versions, Adaptations, or Derivative Works for Commercial Purposes: Not Permitted: Users may not create or distribute revised versions, adaptations, or derivative works, including translations, for commercial purposes.
    7. Text or Data Mining for Non-Commercial Purposes: Permitted: Users are permitted to engage in text or data mining of the article for non-commercial research purposes, provided the original work is properly attributed.
    8. Text or Data Mining for Commercial Purposes: Not Permitted: Users may not engage in text or data mining of the article for commercial purposes without obtaining explicit permission from the author(s).

  3. Attribution and Citation:

    1. Proper attribution and citation of the published work should be provided when using or referring to content from JITCS. This includes clearly indicating the authors, the title of the article, the journal name (JITCS), the volume/issue number, the publication year, and the article's DOI (Digital Object Identifier) when available.
    2. When adapting or modifying the published content, proper attribution to the original source should be given, and the adapted or modified content should be shared under the same CC BY-NC-ND 4.0 license.

  4. Plagiarism and Copyright Infringement:

    1. JITCS considers plagiarism and copyright infringement as serious ethical violations. Authors are responsible for ensuring that their submitted work is original and does not infringe upon the copyright or intellectual property rights of others.
    2. Any allegations of plagiarism or copyright infringement will be investigated promptly and thoroughly. If proven, appropriate actions, including rejection of the manuscript, retraction of the published article, or other corrective measures, will be taken.

  5. Open Access Licensing:

    1. JITCS supports open access publishing and encourages authors to consider publishing their work under the CC BY-NC-ND 4.0 license to promote the dissemination and use of knowledge in the field of information technology and cyber security.
    2. The specific terms and conditions of the CC BY-NC-ND 4.0 license will be clearly indicated on the published articles.

  6. Policy Review: This Copyright Notice will be periodically reviewed and updated to ensure its continued relevance and compliance with copyright laws, ethical standards, and open access principles in scholarly publishing. Any updates or revisions to the notice will be communicated to the relevant stakeholders.

By adhering to this Copyright Notice, JITCS aims to protect the rights of authors, promote proper attribution and citation practices, and facilitate the responsible and legal use of the published content in accordance with the CC BY-NC-ND 4.0 license.