Explainable Classification Model for Android Malware Analysis Using API and Permission-Based Features  


Authors: Nida Aslam, Irfan Ullah Khan, Salma Abdulrahman Bader, Aisha Alansari, Lama Abdullah Alaqeel, Razan Mohammed Khormy, Zahra Abdultawab AlKubaish, Tariq Hussain

Affiliations: [1] SAUDI ARAMCO Cybersecurity Chair, Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam, 31441, Saudi Arabia; [2] Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam, 31441, Saudi Arabia; [3] Computer Engineering Department, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam, 31441, Saudi Arabia; [4] School of Computer Science and Technology, Zhejiang Gongshang University, Hangzhou, China

Source: Computers, Materials & Continua (English-language journal), 2023, Issue 9, pp. 3167-3188, 22 pages in total

Funding: Funded by the SAUDI ARAMCO Cybersecurity Chair at Imam Abdulrahman Bin Faisal University, Saudi Arabia.

Abstract: One of the most widely used smartphone operating systems, Android, is vulnerable to cutting-edge malware that employs sophisticated logic. Such malware attacks could lead to the execution of unauthorized acts on the victims’ devices, stealing personal information and causing hardware damage. In previous studies, machine learning (ML) has shown its efficacy in detecting malware events and classifying their types. However, attackers are continuously developing more sophisticated methods to bypass detection. Therefore, up-to-date datasets must be utilized to implement proactive models for detecting malware events in Android mobile devices. Therefore, this study employed ML algorithms to classify Android applications into malware or goodware using permission and application programming interface (API)-based features from a recent dataset. To overcome the dataset imbalance issue, RandomOverSampler, synthetic minority oversampling with Tomek links (SMOTETomek), and RandomUnderSampler were applied to the dataset in different experiments. The results indicated that the extra tree (ET) classifier achieved the highest accuracy of 99.53% within an elapsed time of 0.0198 s in the experiment that utilized the RandomOverSampler technique. Furthermore, the explainable Artificial Intelligence (EAI) technique has been applied to add transparency to the high-performance ET classifier. The global explanation using the Shapley values indicated that the top three features contributing to the goodware class are: Ljava/net/URL;->openConnection, Landroid/location/LocationManager;->getLastKnownLocation, and Vibrate. On the other hand, the top three features contributing to the malware class are Receive_Boot_Completed, Get_Tasks, and Kill_Background_Processes. It is believed that the proposed model can contribute to proactively detecting malware events in Android devices to reduce the number of victims and increase users’ trust.

Keywords: Android malware; machine learning; malware detection; explainable artificial intelligence; cyber security

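Classification numbers: TP181 [Automation and Computer Technology: Control Theory and Control Engineering]; TP393.08 [Automation and Computer Technology: Control Science and Engineering]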

 
