Android Mobile Malware Classification Based on System Call and Permission Using Tokenization
The increasing number of the smartphone over the last few years reflects an impressive growth in the number of sophisticated malicious applications targeting the smartphone users. Besides that, the current mobile malware classification and detection approaches produced inconsistent patterns' st...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | en_US |
| Subjects: | |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | The increasing number of the smartphone over the last few years reflects an impressive growth in the number of sophisticated malicious applications targeting the smartphone users. Besides that, the current mobile malware classification and detection approaches produced inconsistent patterns' string size which can lead to matching complexity between data thus, the new advanced malware exploitation and threat are hard to be detected. Therefore, system call and permission are extracted from the dataset which are based on call log exploitation and a new mobile malware classification based on tokenization is developed. The experiment is conducted by using the static and dynamic
approaches in a controlled lab and by using open source software. 5560 dataset from Drebin were used as training dataset and 500 anonymous dataset from Google Play store were used as a testing dataset. Based on the experiment conducted, 464 of new mobile malware classifications based on tokenization have been developed. Then these classifications are transformed and tested by using WEKA by applying 4 different machine learning algorithms which are SVM, Random Forest Naive Bayes and 548. As a result, Naive Bayes outperforms the rest of the algorithms with 99.86% of accuracy rate. This new classification can be used as a guidance and reference for other researchers with the same interest. For future work, this new classification can be used as a basis to build a new model to detect mobile attacks exploitation via call log exploitation. |
|---|