Modeling A Malware Detection And Categorization System Based On Seven Network Flow-Based Features

Abstract: Although several models have been developed for detecting and categorizing malicious Android applications, most network-based frameworks rely on long lists of network features to achieve an average classification accuracy of 85.09% and a precision of 89.10%. Our proposed model streamlines these lists to seven network flow-based features and achieved an average classification accuracy of 93.62%, a success rate of 92.68%, and a false positive value of 0.083. Experiments were carried out to evaluate the performance of three machine learning algorithms (Naive Bayes, J48, and Random Forest), thereby identifying the best learner(s). Training sets of different sizes were also used across experiments in order to evaluate learning rates as a function of data size. At the end of our experiments, we identified the seven top network flow-based features that can be used to effectively detect and categorize Android malware.

Keywords: Network flow-based features, machine learning, Android malware, malware detection and classification, malware family
