Android Malware Detection Based on Network Traffic Using Decision Tree Algorithm
The Android mobile operating system is well developed and has gained absolute popularity among users. Although Android is an open-source operating system, it fits users' daily-life requirements nowadays. However, this is also the reason why Android malware keeps increasing every year. Various methods are used to detect the occurrence of Android malware, such as those based on static or dynamic analysis. Static analysis is a favourable approach because it is quick and inexpensive. However, static analysis is unable to monitor a malicious application's behavior during runtime. Therefore, we propose a dynamic detection technique based on network traffic, which records the application's behavior during runtime. We consider seven network traffic features extracted from the Drebin and Contagiodumpset datasets. The Drebin dataset achieved the higher accuracy, 98.4%, compared to the Contagiodumpset dataset when tested using the J48 decision tree algorithm.
Keywords: Android; Malware; Decision tree algorithm
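As an added illustration (not the authors' code or data): J48 is Weka's implementation of C4.5, which ranks candidate splits by gain ratio. The simplified, unpruned sketch below grows such a tree over constructed per-app traffic summaries; the three feature names and all values are assumptions, since the abstract does not list its seven features.

```python
import math
from collections import Counter

# Assumed feature names; the abstract does not list its seven features.
FEATURES = ["dns_queries", "upload_ratio", "avg_pkt_bytes"]
# Constructed per-app traffic summaries (not Drebin or Contagiodumpset data).
TRAIN = [
    ([4, 0.20, 620], "benign"), ([6, 0.25, 580], "benign"),
    ([3, 0.15, 700], "benign"), ([5, 0.30, 640], "benign"),
    ([7, 0.60, 300], "benign"), ([40, 0.10, 210], "malware"),
    ([35, 0.22, 650], "malware"), ([38, 0.70, 500], "malware"),
    ([30, 0.40, 720], "malware"), ([5, 0.90, 600], "malware"),
]

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def best_split(rows):
    """Best binary split as (gain_ratio, feature_index, threshold)."""
    base, best = entropy([y for _, y in rows]), (0.0, None, None)
    for f in range(len(FEATURES)):
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):   # midpoints between values
            t = (lo + hi) / 2
            left = [y for x, y in rows if x[f] <= t]
            right = [y for x, y in rows if x[f] > t]
            p = len(left) / len(rows)
            gain = base - p * entropy(left) - (1 - p) * entropy(right)
            ratio = gain / entropy(["L"] * len(left) + ["R"] * len(right))
            if ratio > best[0]:
                best = (ratio, f, t)
    return best

def build(rows):
    """Unpruned tree: a leaf label or (feature, threshold, left, right)."""
    _, f, t = best_split(rows)
    if f is None:                                # pure node or no usable split
        return Counter(y for _, y in rows).most_common(1)[0][0]
    return (f, t, build([r for r in rows if r[0][f] <= t]),
            build([r for r in rows if r[0][f] > t]))

def classify(tree, x):
    while isinstance(tree, tuple):
        f, t, left, right = tree
        tree = left if x[f] <= t else right
    return tree

TREE = build(TRAIN)
```

On this constructed set the root splits on DNS query volume, and the low-volume branch needs a second split on upload ratio to catch the quiet sample, which is the kind of case a single-threshold rule misses.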
The authors express appreciation to the Universiti Tun Hussein Onn Malaysia (UTHM). This research is supported by Short Term Grant vot number U653 and Gates IT Solution Sdn. Bhd. under its publication scheme.