Feature Selection and Evaluation of Permission-based Android Malware Detection

K, Santosh Jhansi; Chakravarty, Sujata; Varma, P. Ravi Kiran

doi:10.1109/icoei48184.2020.9142929

Cited by 8 publications

(5 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As we can see, close to 48% of the total research works used in this review based their approach on either ML or DL classifiers/techniques [110]- [115]. Either they fed the extracted features directly to the machine learning classifiers to be dealt with or used techniques like gain ratio, correlation coefficient [29], mutual information, relief [36] Fig. 1: Statistics depicting the most commonly used techniques to build an Android malware analysis/detection system considering permissions etc., to compute the feature score.…”

Section: Techniques Usedmentioning

confidence: 92%

“…Monitored the permission usage within the application and with the system Li et al [20] Ranking based on the frequency of permissions being requested. Sahin et al [21] Linear Regression Talha et al [22] Combined Risk score calculated for each app Varma et al [23] Used permissions as features to study the performance of ML algorithms Mahindru et al [24] Discarded the ones not installed or starting at launching stage Dogru et al [25] Permission groups score calculated, to sum up an app's Risk Score Rathore et al [26] Variance threshold, autoencoders, and PCA Shang et al [27] Reduced the permission set with Pearson's Correlation Coefficient Tchakounte et al [28] Similarity score based on sequence alignment Ju et al [16] Manual pattern recognition to existing malware permissions patterns Ilham et al [29] Gain Ratio, Information Gain, Correlation Coefficient, CFS subset Evaluator Sahin et al [30] Relevance Frequency Angelo et al [31] Mapped the permissions on the x-y plane using their corresponding protection level Xiong et al [32] Used unique and common permissions patterns from both datasets as weak Classifier Lu et al [33] Improved RF algorithms along with introducing fuzzy sets of samples Kavitha et al [34] PCA and Sequential Forward selection, Limiting the permissions by accepting or denying each permission separately according to Dangerous level E. Amer [35] Developed an ensemble comprising multiple classifiers Chakravarty et al [36] Information Gain, Relief, Gain Ratio Pondugula et al [37] Deep Neural Network model Sahal et al [38] Ranking based on permissions class frequency Tuan Mat et al [39] Used Bayes classifier after optimising features using Chi-Square Test Wang et al [40] Association rule Mining, PCA , Deep Cross Network Park et al [41] Reduced features by removing built-in, custom, dangerous, and permissions that are used at least once Liang et al [42] Generated k maps for permission combinations based on their usage Enck et al [14] Presented analysis of the newly launched Android OS in 2009 Enck et al [17] Defined rules based upon dangerous level and possible negative impact Wang et al…”

Section: Techniques Usedmentioning

confidence: 99%

“…Malware datasets used Zhang et al [19] Genome Li et al [20] Anzhi Store Sahin et al [21] [216] Talha et al [22] Contagio, Drebin, Genome Varma et al [23] [217] Mahindru et al [24] [218], [219], Genome, and AndroMal-Share 15 Dogru et al [25] Drebin Rathore et al [26] Drebin Shang et al [27] -Tchakounte et al [28] CIC-AndMal2017 Ju et al [16] -Ilham et al [29] AMD Sahin et al [30] Kaggle Angelo et al [31] Unisa malware dataset (UMD) 16 Xiong et al [32] [217] Lu at el. [33] Baidu application market 17 , Genome, Virusshare Kavitha et al [34] -E. Amer [35] Drebin, Genome Chakravarty et al [36] AMD Pondugula et al [37] For training data from IEEE DataPort, and sites like droidbench Sahal et al [38] Contagio, Genome Tuan Mat et al [39] Androzoo and Drebin Wang et al [40] Virusshare, Genome Park et al [41] AndroZoo Liang et al [42] Genome Enck et al [14] -Enck et al [17] Android Market Wang et al [43] Genome Peng et al [44] Genome Pandita et al [45] -Samra et al [46] -Yerima et al [47] Genome Aung et al [48] -Yerima et al [49] Genome Sanz et al [50] VirusTotal Moonsamy et al [51] Genome Backes et al [52] -Wu et al [53] Con...…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

A comprehensive review on permissions-based Android malware detection

Sharma,

Arora

2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

The first Android-ready "G1" phone debuted in late October 2008. Since then, the growth of Android malware has been explosive analogous to the rise in the popularity of Android. The major positive aspect of Android has been its open-source nature, which empowers app developers to expand their work. But at the same time, authors with malicious intentions pose grave threats to users. In the presence of such threats, Android malware detection is the need of an hour. Consequently, researchers have proposed various techniques involving static, dynamic, and hybrid analysis to address such threats using numerous features in the last decade. But the feature that most researchers have extensively used to perform malware analysis and detection in Android security is Android permission. Hence, to provide a clarified overview of the latest and past work done in Android malware analysis and detection, we perform a comprehensive literature review using permissions as a central feature or in combination with other components by collecting and analyzing 200 studies from January 2009 to February 2023. We extracted information such as the choice opted by researchers between analysis or detection, techniques used to select or rank the permissions feature set, features used along with permissions, detection models employed, the malware datasets used by researchers, and lastly, the limitations and challenges in the field of Android malware detection to propose some future research directions. Additionally, based on the information extracted, we answer the six research questions designed considering the above factors.

show abstract

Section: Techniques Usedmentioning

confidence: 92%

Section: Techniques Usedmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A comprehensive review on permissions-based Android malware detection

Sharma,

Arora

2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

show abstract

“…Many researchers have proposed numerous feature selection techniques to address this issue. Chakravarty et al [22] compared three feature selection methods: Gain ratio, Information Gain, and Relief. The proposed method uses feature selection on four different classification algorithms, and the results showed that the gain ratio obtained higher performance in most classification algorithms and achieved 94.47% accuracy.…”

Section: Feature Selectionmentioning

confidence: 99%

“…The feature selection process involves identifying and removing less significant features from a dataset to decrease the complexity of machine learning and increase the model accuracy. Previous research on malware detection has proved that the gain ratio performs better than other feature selection methods [22]. Thus, this research also uses the gain ratio method in the Android malware detection model as a feature selection method.…”

Section: Gain Ratiomentioning

confidence: 99%

Android Malware Classification Using Gain Ratio and Ensembled Machine Learning

Ansori,

Slamet,

Ghufron

et al. 2024

IJSSE

View full text Add to dashboard Cite

Recently, the number of Android users has significantly increased, which has made Android a target for attackers to launch their malicious activities. Malware or malicious code is often embedded in Android apps to gain access to the user's device and retrieve personal data. Researchers have explored various approaches to mitigate the spread of Android malware. Besides, the Android malware dataset has huge dimensions with hundreds of features. Choosing the proper feature selection method is one of the challenges for producing a reliable detection model. This paper proposes an approach to detecting Android malware and classifying it into five categories using gain ratio feature selection and an ensemble machine learning algorithm. Features are reduced based on their importance value through the gain ratio calculation method. Then, features that are considered necessary are included in a classification process that combines many models. Experiment using the CICMalDroid2020 (Canadian Institute for Cybersecurity Malware of Android 2020) dataset shows that the proposed approach can improve detection performance. Gain ratio feature selection improves the detection accuracy in several machine learning classification algorithms, 2.59% in Naï ve Bayes, 0.90% in 𝑘-Nearest Neighbor, and 2.29% in Support Vector Machine. Thus, the ensembled machine learning models of Random Forest, Extra Tree, and k-Nearest Neighbors achieved the highest performance, with an accuracy of 94.57% and a precision score of 94.71%.

show abstract

A new approach to android malware detection using fuzzy logic-based simulated annealing and feature selection

Seyfari,

Meimandi

2023

Multimed Tools Appl

View full text Add to dashboard Cite

Feature Selection and Evaluation of Permission-based Android Malware Detection

Cited by 8 publications

References 12 publications

A comprehensive review on permissions-based Android malware detection

A comprehensive review on permissions-based Android malware detection

Android Malware Classification Using Gain Ratio and Ensembled Machine Learning

A new approach to android malware detection using fuzzy logic-based simulated annealing and feature selection

Contact Info

Product

Resources

About