Enhancing Android Security: Analyzing Feature Sets in CICAndMal2017 and DroidFussion Datasets

This article was originally published as: Enhancing Android Security: Analyzing Feature Sets in CICAndMal2017 and DroidFussion Datasets

Abstract

Because of the popularity of Android devices, many attackers spend a lot of time and resources creating malicious applications aimed at breaching the security of Android devices. Researchers, on the other hand, have not relented in seeking better ways of curbing attacks on Android devices. To arrive at an efficient solution, researchers need large datasets to evaluate their solutions. Generating relevant data for this purpose is, however, not an easy task; for this reason, several researchers rely on existing datasets.

In this paper, we evaluated the relevance of the feature sets found in the CICAndMal2017 and DroidFussion datasets. During our study, we discovered that the DroidFussion dataset has a higher variance and proved positive on some other parameters tested, and as a result performed better. Results from the Random Forest classifier indicate that the Droid dataset achieved 90.0% precision, while CICAndMal2017 achieved as low as 63% precision when tested under the same conditions.

Authors

  • Joshua Chibuike Sopuru (Girne American University)

Keywords

Android dataset, Android Malware, Machine learning, Network-flow features
