Abstract
The increasing number of mobile devices using the Android operating system in the market makes these devices the first target for malicious applications. In recent years, several Android malware applications were developed to perform illegitimate activities and harmful actions on mobile devices. In response, specific tools and anti-virus programs have used conventional signature-based methods to detect such Android malware applications. However, the most recent Android malware apps, such as zero-day malware, cannot be detected through conventional methods that are still based on fixed signatures or identifiers. Therefore, the most recently published research studies have suggested machine learning techniques as an alternative method to detect Android malware, due to their ability to learn from existing information and use it to detect new Android malware apps. This paper presents the basic concepts of Android architecture, Android malware, and the permission features utilized as effective malware predictors. Furthermore, a comprehensive review of the existing static, dynamic, and hybrid Android malware detection approaches is presented in this study. More significantly, this paper empirically discusses and compares the performances of six supervised machine learning algorithms, known as K-Nearest Neighbors (K-NN), Decision Tree (DT), Support Vector Machine (SVM), Random Forest (RF), Naïve Bayes (NB), and Logistic Regression (LR), which are commonly used in the literature for detecting malware apps.
Highlights
Android constitutes the most common mobile operating system [1] that presently dominates the smartphone market
The paper compares and discusses the performances of six supervised machine learning algorithms, which are commonly used in the literature for detecting malware apps, known as K-Nearest Neighbors (K-NN), Decision Tree (DT), Support Vector Machine (SVM), Random Forest (RF), Naïve Bayes (NB), and Logistic Regression (LR)
The Android operating system is a stack of components that can be defined as consisting of five layers that organize the functions of the system: the Linux kernel layer, hardware abstraction layer, Android libraries layer, Java application program interfaces (API) framework layer, and system application layer
Summary
Android constitutes the most common mobile operating system [1] that presently dominates the smartphone market. Many Android commercial tools and antivirus programs have been developed to detect Android malware applications. Most of these commercial Android malware detection tools are based on fixed signatures or identifiers. These commercial tools only perform well in detecting Android malware applications with known signatures or identifiers and may fail to detect the unknown Android malware apps [5] that have been developed more recently, especially zero-day malware apps. In other words, these commercial tools are unable to make accurate decisions when determining whether a new Android app is malware or not [6][7]. Numerous research works [8][9][4][10] focused on training machine learning classification algorithms on known Android malware apps in order to detect unknown Android malware applications.