Android Malware Detection Using Dynamic Feature Analysis

Abstract

Android is a widely used operating system but with its success, it also faces issues with malware threats. With advanced technology, malware is also becoming complex making it challenging to detect. Android malware detection techniques are used to detect malware on Android operating systems. There are mainly two types of detection techniques which are static and dynamic analysis. This thesis is focused on the dynamic analysis of Android malware. The use of machine learning or deep learning for malware detection requires datasets. These datasets Malware Researchers developed many machine learning models and deep learning models to detect Android malware considering static as well as dynamic features-based datasets. We consider features extracted from system executions and we perform multi-class classification of malware categories in this study, by considering all malware classes (Adware, Backdoor, File Infector, PUA, Ransomware, Riskware, Scareware, Trojan, TrojanBanker, Trojan-Dropper, Trojan-SMS, Trojan-Spy and zero-day) by using deep learning algorithm as it outperforms machine learning in high dimensional data. We use the CIC-AndMal-2020 dataset, the newly developed dataset for multi-class classification. It consists of 13 prominent malware classes and 141 features. We also perform statistical analysis on the dataset (p-value analysis and correlation) to identify the relationship between features and statistical analysis of the model (bias and variance) to arrive at the optimal model. We evaluate the proposed algorithm using performance metrics i.e. accuracy, precision, recall, ROC-AUC analysis, and F1-Score and, finally, compare our results with existing studies. Our results outperform previous dynamic analysis results.