FG-Droid: Grouping based feature size reduction for Android malware detection


ARSLAN R. S.

PEERJ COMPUTER SCIENCE, vol.8, 2022 (SCI-Expanded) identifier identifier

  • Publication Type: Article / Article
  • Volume: 8
  • Publication Date: 2022
  • Doi Number: 10.7717/peerj-cs.1043
  • Journal Name: PEERJ COMPUTER SCIENCE
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Compendex, Directory of Open Access Journals
  • Keywords: Permission grouping, Size reduction, Android OS, Security, Malware detection
  • Kayseri University Affiliated: Yes

Abstract

Background. The number of applications prepared for use on mobile devices has increased rapidly with the widespread use of the Android OS. This has resulted in the undesired installation of Android application packages (APKs) that violate user privacy or are malicious. The increasing similarity between Android malware and benign applications makes it difficult to distinguish them from each other and causes a situation of concern for users.Methods. In this study, FG-Droid, a machine-learning based classifier, using the method of grouping the features obtained by static analysis, was proposed. It was created because of experiments with machine learning (ML), deep neural network (DNN), recurrent neural network (RNN), long short-term memory (LSTM), and gated recurrent unit (GRU)-based models using Drebin, Genome, and Arslan datasets.Results. The experimental results revealed that FG-Droid achieved a 97.7% area under the receiver operating characteristic (ROC) curve (AUC) score with a vector including only 11 static features and the ExtraTree algorithm. While reaching a high classification rate, only 0.063 seconds were needed for analysis per application. This means that the proposed feature selection method is faster than all traditional feature selection methods, and FG-Droid is one of the tools to date with the shortest analysis time per application. As a result, an efficient classifier with few features, low analysis time, and high classification success was developed using a unique feature grouping method.