Machine learning models and dimensionality reduction for improving the Android malware detection

作     者：Moran, Pablo Robles-Gomez, Antonio Duque, Andres Tobarra, Llanos Pastor-Vargas, Rafael 

作者机构：Univ Nacl Educ Distancia Dept Sistemas Comunicac & Control Madrid Spain Univ Nacl Educ Distancia Dept Lenguajes & Sistemas Informat Madrid Spain 

出 版 物：《PEERJ COMPUTER SCIENCE》 (PeerJ Comput. Sci.)

年 卷 期：2024年第10卷

页      面：e2616-e2616页

核心收录：

基　　金：CiberCSI UNED [CiberCSI UNED 2023-2024 LearnIoTOnCloud: 2023-PUNED-0018] CiberGID innovation group 2023-PUNED-0018 

主　　题：Machine Learning algorithms Random Forest Supervised feature selection techniques Feature filtering techniques Predictive goodness metrics 

摘      要：Today, a great number of attack opportunities for cybercriminals arise in Android, since it is one of the most used operating systems for many mobile applications. Hence, it is very important to anticipate these situations. To minimize this problem, the analysis of malware search applications is based on machine learning algorithms. Our work uses as a starting point the features proposed by the DREBIN project, which today constitutes a key reference in the literature, being the largest public Android malware dataset with labeled families. The authors only employ the support vector machine to determine whether a sample is malware or not. This work first proposes a new efficient dimensionality reduction of features, as well as the application of several supervised machine learning algorithms for prediction purposes. Predictive models based on Random Forest are found to achieve the most promising results. They can detect an average of 91.72% malware samples, with a very low false positive rate of 0.13%, and using only 5,000 features. This is just over 9% of the total number of features of DREBIN. It achieves an accuracy of 99.52%, a total precision of 96.91%, as well as a macro average F1-score of 96.99%.