This paper discusses the effects of rebooting a system on the identification of Android malware with the help of ensemble machine learning models. By examining the CCCS-CIC-AndMal-2020 dataset, we assess the malware behavior, both prior to and following the system reboot, with respect to attributes such as memory usage, API interactions, network activity, and more. Our revised methodology shows considerable improvements in the detection accuracy across various malware types through the integration of both before and after reboot knowledge. For instance, the detection accuracy for Adware rose from 55.59% to 90.57%, and the accuracy for Trojan Bank detection increased from 80.55% to 89.79%. The revised methodology improves the accuracy for 11 out of 14 malware categories. Rebooting affects malware behavior, reducing activity in most categories while some persist by modifying API calls or memory allocations. Certain strains exploit reboots to evade detection or reinitialize. This analysis improves malware category prediction to 96.18%, providing insights into system state shifts and strengthening detection strategies.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Optimizing Malware Detection in Android Devices: A Synergistic Approach Combining Rebooting Insights and Advanced Machine Learning Models

  • Nethra Prathapaneni,
  • S. Anuswethaa,
  • Kartik Srinivasan,
  • Pratyul Kapoor,
  • Sulakshan Vajipayajula,
  • Senthil Kumar Thangavel

摘要

This paper discusses the effects of rebooting a system on the identification of Android malware with the help of ensemble machine learning models. By examining the CCCS-CIC-AndMal-2020 dataset, we assess the malware behavior, both prior to and following the system reboot, with respect to attributes such as memory usage, API interactions, network activity, and more. Our revised methodology shows considerable improvements in the detection accuracy across various malware types through the integration of both before and after reboot knowledge. For instance, the detection accuracy for Adware rose from 55.59% to 90.57%, and the accuracy for Trojan Bank detection increased from 80.55% to 89.79%. The revised methodology improves the accuracy for 11 out of 14 malware categories. Rebooting affects malware behavior, reducing activity in most categories while some persist by modifying API calls or memory allocations. Certain strains exploit reboots to evade detection or reinitialize. This analysis improves malware category prediction to 96.18%, providing insights into system state shifts and strengthening detection strategies.