Android malware classification based on random vector functional link and artificial Jellyfish Search optimizer.

Emad T Elkabbash,Sherif I Barakat,Reham R Mostafa

doi:10.1371/journal.pone.0260232

Emad T Elkabbash, Sherif I Barakat + Show 1 more

Open Access

https://doi.org/10.1371/journal.pone.0260232

Copy DOI

Journal: PloS one	Publication Date: Nov 19, 2021
Citations: 10	License type: CC BY 4.0

Affiliation: Mansoura University

Abstract

Smartphone usage is nearly ubiquitous worldwide, and Android provides the leading open-source operating system, retaining the most significant market share and active user population of all open-source operating systems. Hence, malicious actors target the Android operating system to capitalize on this consumer reliance and vulnerabilities present in the system. Hackers often use confidential user data to exploit users for advertising, extortion, and theft. Notably, most Android malware detection tools depend on conventional machine-learning algorithms; hence, they lose the benefits of metaheuristic optimization. Here, we introduce a novel detection system based on optimizing the random vector functional link (RVFL) using the artificial Jellyfish Search (JS) optimizer following dimensional reduction of Android application features. JS is used to determine the optimal configurations of RVFL to improve classification performance. RVFL+JS minimizes the runtime of the execution of the optimized models with the best performance metrics, based on a dataset consisting of 11,598 multi-class applications and 471 static and dynamic features.

Highlights

Worldwide, Android is the most common operating system (OS) with 87% of the OS market share as of 2021, with 1.6 billion users [1]
The performance metrics to evaluate and compare the algorithms combined with the random vector functional link (RVFL) network include accuracy, sensitivity, specificity, precision, false-positive rate (FPR), and F1-score [40]
Because we performed our classification on a multi-class dataset, we calculated performance metrics as:

Summary

Introduction

Android is the most common operating system (OS) with 87% of the OS market share as of 2021, with 1.6 billion users [1]. There are currently 3.04 million apps available for download in the Google Play store, surpassing 1 million apps in July 2013 [2] Attackers, or those who wish to target users for malicious or nefarious purposes, capitalize on this broad distribution by exploiting many vulnerabilities present in the Android OS [3], including those pertaining to web views, dirty unstructured supplementary service data, Android secure socket layer/transport layer security, Android near-field communication, social and sharing authentication flaws, and zygote sockets and repackaging.

Methods

Results

Discussion

Conclusion