Analyzing and comparing the effectiveness of various machine learning algorithms for Android malware detection

Abstract

Android is the most extensively adopted mobile operating system in the world. The free third-party programmes that may be downloaded and installed contribute to this success by offering a wide range of features and functionalities. However, the freedom to utilize any third-party programme has spawned a never-ending tide of ever-evolving malicious software intending to harm the user in some way, shape, or form. In this work, we propose and show many methods for detecting malware on Android. An in-process detection system is built, including data analytics. It may use the detection system to look over your current app set and find any malicious software so you can remove it. Models based on machine learning allow for this to be accomplished. It has been investigated how well the models perform with two distinct feature sets: permissions and signatures. Initially, each dataset undergoes exploratory data analysis and feature engineering to narrow down the vast array of attributes. The next step is to determine if an application is malicious or safe using one of many supervised classification models derived from data mining. Different models' performance metrics are examined to find the method that provides the best outcomes for this malware detection task. Ultimately, it is seen that the signatures-based method is superior to the permissions-based. Classification methods such as k-nearest neighbours (kNN), logistic regression, support vector machines (SVM), and random forests (RF) are all equivalent in their efficacy.