An Efficient Sieve Technique In Mobile Malware Detection

Proliferation of mobile devices in the market has radically changed the way people handle their daily life activities. Rapid growth of mobile device technology has enabled users to use mobile device for various purposes such as web browsing, ubiquitous services, social networking, MMS and many more. Nowa...


Bibliographic Details
Main Author: Mas'ud, Mohd Zaki
Format: Thesis
Language: English
Published: 2018
Subjects:
Online Access: http://eprints.utem.edu.my/id/eprint/23684/
http://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=113016
author Mas'ud, Mohd Zaki
description Proliferation of mobile devices in the market has radically changed the way people handle their daily life activities. Rapid growth of mobile device technology has enabled users to use mobile devices for various purposes such as web browsing, ubiquitous services, social networking, MMS and many more. Nowadays, Google’s Android Operating System has become the most popular choice of operating system for mobile devices, since Android is open source and easy to use. This scenario has also opened the possibility for malicious programs to exploit mobile devices and consequently expose any sensitive transaction made by the user. The ability of malware to evolve quickly has made mobile malware detection more complex. Antivirus and signature-based IDS require constant signature database updates to keep up with new malware, thus exhausting a mobile device’s resources. Even though anomaly-based detection can overcome this matter, it still produces a high number of false alarms. Therefore, this research aims to improve Mobile Malware Detection by improving the accuracy, True Positive and True Negative, as well as minimizing the False Positive rate, using an n-gram system call sequence approach and a sieve technique. This research analyses the behaviour and traces of mobile malware application activity dynamically as mobile malware is executed on a mobile platform. Analysis of mobile malware activity shows that the behaviour and traces of benign and malicious mobile applications can be distinctively classified through the system calls a mobile application invokes at the kernel level. However, the n-gram system call sequences generated by this approach can contribute a large amount of logged features that can consume a mobile device’s memory and storage. Hence, this research introduces a sieve technique into the Mobile Malware Detection process in order to search for an optimum set of n-gram system calls. To evaluate the performance of the proposed approach, Accuracy, True Positive Rate, True Negative Rate, False Positive Rate and the Receiver Operating Characteristic curve are measured with a dataset of mobile malware from the Malware Genome Project and benign mobile applications from the Google Play Store. The experimental findings indicate that the 3-gram system call sequence is capable of improving Mobile Malware Detection performance in terms of accuracy as well as minimizing false alerts, whereas the sieve technique is able to reduce the number of n-gram system call features and provide an optimized set of 3-gram system call sequence features. The outcome indicates that Mobile Malware Detection using 3-gram system call sequences as features together with the sieve technique can be used to improve the classification of benign and malicious mobile applications. The evaluation and validation show that Mobile Malware Detection using 3-gram system call sequences with the sieve technique improves the classification performance. In conclusion, 3-gram system call sequence Mobile Malware Detection with the sieve technique is capable of classifying benign and malicious mobile applications more accurately while at the same time minimizing false alarms.
format Thesis
id utem-23684
institution Universiti Teknikal Malaysia Melaka
language English
publishDate 2018
record_format EPrints
record_pdf Restricted
spelling utem-23684 2022-02-04T08:47:28Z http://eprints.utem.edu.my/id/eprint/23684/ An Efficient Sieve Technique In Mobile Malware Detection Mas'ud, Mohd Zaki T Technology (General) TK Electrical engineering. Electronics Nuclear engineering 2018 Thesis NonPeerReviewed text en http://eprints.utem.edu.my/id/eprint/23684/1/An%20Efficient%20Sieve%20Technique%20In%20Mobile%20Malware%20Detection.pdf text en http://eprints.utem.edu.my/id/eprint/23684/2/An%20Efficient%20Sieve%20Technique%20In%20Mobile%20Malware%20Detection.pdf Mas'ud, Mohd Zaki (2018) An Efficient Sieve Technique In Mobile Malware Detection. Doctoral thesis, UTeM. http://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=113016
thesis_level Master
title An Efficient Sieve Technique In Mobile Malware Detection
topic T Technology (General)
TK Electrical engineering. Electronics Nuclear engineering