Machine-Learning-Based Android Malware Family Classification Using Built-In and Custom Permissions

Malware family classification is grouping malware samples that have the same or similar characteristics into the same family. It plays a crucial role in understanding notable malicious patterns and recovering from malware infections. Although many machine learning approaches have been devised for th...

Bibliographic Details
Main Authors: Minki Kim, Daehan Kim, Changha Hwang, Seongje Cho, Sangchul Han, Minkyu Park
Format: article
Language: EN
Published: MDPI AG 2021
Subjects:
T
Online Access: https://doaj.org/article/42e84cfec1774c0aa49eb9db94b74570
id oai:doaj.org-article:42e84cfec1774c0aa49eb9db94b74570
record_format dspace
spelling oai:doaj.org-article:42e84cfec1774c0aa49eb9db94b74570
2021-11-11T15:17:28Z
Machine-Learning-Based Android Malware Family Classification Using Built-In and Custom Permissions
10.3390/app112110244
2076-3417
https://doaj.org/article/42e84cfec1774c0aa49eb9db94b74570
2021-11-01T00:00:00Z
https://www.mdpi.com/2076-3417/11/21/10244
https://doaj.org/toc/2076-3417
Malware family classification is grouping malware samples that have the same or similar characteristics into the same family. It plays a crucial role in understanding notable malicious patterns and recovering from malware infections. Although many machine learning approaches have been devised for this problem, there are still several open questions including, “Which features, classifiers, and evaluation metrics are better for malware familial classification”? In this paper, we propose a machine learning approach to Android malware family classification using built-in and custom permissions. Each Android app must declare proper permissions to access restricted resources or to perform restricted actions. Permission declaration is an efficient and obfuscation-resilient feature for malware analysis. We developed a malware family classification technique using permissions and conducted extensive experiments with several classifiers on a well-known dataset, DREBIN. We then evaluated the classifiers in terms of four metrics: macrolevel F1-score, accuracy, balanced accuracy (BAC), and the Matthews correlation coefficient (MCC). BAC and the MCC are known to be appropriate for evaluating imbalanced data classification. Our experimental results showed that: (i) custom permissions had a positive impact on classification performance; (ii) even when the same classifier and the same feature information were used, there was a difference up to 3.67% between accuracy and BAC; (iii) LightGBM and AdaBoost performed better than other classifiers we considered.
Minki Kim
Daehan Kim
Changha Hwang
Seongje Cho
Sangchul Han
Minkyu Park
MDPI AG
article
Android malware
malware family classification
machine learning
built-in permission
custom permission
balanced accuracy
Technology
T
Engineering (General). Civil engineering (General)
TA1-2040
Biology (General)
QH301-705.5
Physics
QC1-999
Chemistry
QD1-999
EN
Applied Sciences, Vol 11, Iss 10244, p 10244 (2021)
institution DOAJ
collection DOAJ
language EN
topic Android malware
malware family classification
machine learning
built-in permission
custom permission
balanced accuracy
Technology
T
Engineering (General). Civil engineering (General)
TA1-2040
Biology (General)
QH301-705.5
Physics
QC1-999
Chemistry
QD1-999