Malware Detection through Call System on Android Smartphone Using Vector Machine Method

Abstract

The current growth of the smartphone with Android operating system-based has increased rapidly. This rapid growth has given access for certain parties to make it as a crime target through malware spreading. Various efforts are needed to be taken to minimize the number of Android users, which are victimized by these malware activities. The encountered problem is that there is increasing the ability of malware that causes difficulties in the malware detection process. In general, the usual solution taken to handle this issue is by doing the malware detection using a signature-based method. However, this method can be easily avoided by polymorphic-ability kind of malware. Therefore, it is necessary to develop a dynamic behavioral-based malware detection through observing the use of System Call. Considering the large number of malware that have to be detected and the system call that should be observed, the help of machine learning is needed for the classification process purpose, one of which is Support Vector Machine (SVM) method. This study shows that the observation towards system call with its classification using SVM yields 90% accuracy for polynomial kernel and 86% for the RBF kernel. This proves that the system call can be used to make polymorphic malware detection. In this research, however, the use of the system call is not able to distinctly distinguish between malware and nonmalware. This has something to do with the use of the same accustomed data with the experimental data. The classification result could reach a quite high level of accuracy because the experimental data used are the observation result from the same application with the accustomed data. This is considered a weakness since this method is unable to identify new applications in which its system call frequency has never been observed and trained with SVM.