Comparison of classification algorithms for mobile malware detection: market metadata as input source

Baltacı, Nuray
The prevalence of mobile devices has been catching the attention of malware authors especially for Android OS supported devices due to its user-centric security policy and open application development strategy for its official application market. In this study, an automated feature-based static analysis method was applied to detect malicious mobile applications on Android devices. The main purpose of the study is to investigate the contribution of other application market metadata to the detection of malicious applications in addition to requested permissions. Hence, the information of applications presented on the official market when a user wants to download them was used as the feature set for training supervised classification algorithms. This feature set includes permissions requested from the user at the installation time, and other metadata about an application including but not limited to application category, download number category, and developer name. Additionally, different classification algorithms were compared in terms of their predictive accuracy and the effect of feature selection algorithms on the improvement of classification task was investigated. Naïve Bayes, k-nearest neighbor, J48 and random forest were chosen as classification algorithms. As filter-based algorithms, Chi-Square, Information Gain and ReliefF feature selection methods were utilized to reduce the number of attributes used to train those classification algorithms.
Citation Formats
N. Baltacı, “Comparison of classification algorithms for mobile malware detection: market metadata as input source,” M.S. - Master of Science, Middle East Technical University, 2014.