Android-based malware classification using algorithm with particle swarm optimization

Bibliographic Details
Main Author: Adebayo, Olawale Surajudeen (Author)
Format: Thesis
Language: English
Published: Kuala Lumpur : Kulliyyah of Information and Communication Technology, International Islamic University Malaysia, 2017
Subjects:
Online Access: http://studentrepo.iium.edu.my/handle/123456789/5625
Description
Summary: The detection rate of any malware detection system depends on the quality of the selected application features and the feature selection techniques. The basic idea in this thesis is to use the apriori algorithm to generate candidates (flagbearers) from the feature set of Android applications for classification into malicious or benign applications. Thereafter, association rules are formulated from the generated candidates of Android applications for classification. The apriori algorithm has been used in the generation of the best features from a set of features for the apriori association rule, which is used to extract rules from the features of applications for the classification and detection of malware. The apriori algorithm, however, needs to be improved in order to enhance the generation of the best flagbearers and the extraction of rules, and thereby increase the detection rate of the detection system. The quality of feature selection techniques also needs to be improved through the use of an adequate and appropriate data model. Previous mobile malware detectors used either permission-based or API-based features for the detection of malicious applications. This malware detection system improved the apriori algorithm using particle swarm optimization and permission-based features of Android mobile applications to improve the classification system and detection rate of malicious applications. Benign and malicious Android applications are gathered separately and permission-based features are extracted from each application. The best features extracted from the applications are selected using the apriori algorithm, particle swarm optimization, and the new model, apriori algorithm with particle swarm optimization (AA-PSO).
Association rules are generated from the selected features using association rule mining (apriori association rule), FP-Growth association rule, sequential rule mining (CMRules), and the new model, apriori association rule with particle swarm optimization (AAR-PSO), and are used to train seven different classification algorithms. The rules are partitioned into training and test sets and used for data training and testing, cross-validation, and resubstitution training accordingly. The results showed that, using the candidates generated from the proposed model AA-PSO with most classification algorithms and classification techniques, the rate of true positive detection is considerably high while the false positive alarm is low. The model AA-PSO also performs better in terms of time and memory consumption compared to AA and PSO. The classification results show that the new model, apriori association rules and particle swarm optimization (AAR-PSO), has better accuracy and true positive detection rate, at 98.17% and 98.25%, than PSO (97.63% and 98.07%), AAR (94.44% and 97.87%), CMR (97.71% and 96.34%), and FP-Growth (95.80% and 96.08%), respectively.
Physical Description: xvii, 254 leaves : illustrations ; 30 cm.
Bibliography: Includes bibliographical references (leaves 192-203).