Malware Analysis and Detection using Hybrid Machine Learning

More Android applications mean more troublesome apps. This also shows a rise in user data concerns. This paper hopes to find a way to detect Android malware. Since detection is tough because of the many ways Malware flows through different networks, I have decided to combine a Machine Learning algorithm (ML) with Network Flows to detect Android malware. The dataset is 4,000 network flows. These network flows have source and destination data flows, including port numbers, protocols, flow time, number of packets, number of flows, inter-arrival times, flow flags, and counts. These features help analyze network flow Each of these data flows has a count of inter-arrival time, with its mean, standard deviation, and variance. Incomplete data flows had their gaps filled to maintain integrity. An info gain ranker was used to reduce data flow dimension. A total of 30 data flows was the target to optimize model performance. The dataset was split into 2800 and 1200 for training and testing, respectively, at 70 and 30 %. Several classifying algorithms were used for tests, including Random Forest (RF), J48, and Naïve Bayes (NB). The results show that NB has an accuracy of 93.5%. In contrast, J48 and RF achieved 94.35% and 96.25% (mean accuracy) respectively. This model has outperformed the HML models (decision stump, Random Forest, and Vote) with an accuracy of 98.33%, 96.41%, 99.66%, and 98.01%, respectively (F-measure), and with a 0.33%, 0.33%, and 5.41% improvement over the HML models. The results show that hybrid models enhance both detection accuracy and robustness of the models when compared to single classifiers. The results of this work show that the combination of feature selection and ensemble learning can process high-dimensional data of networks and offer an efficient and robust solution to practical Android malware detection.