Enhanced android malware detection framework using API application framework layer

Android is an open-source mobile operating system that is gaining popularity among users. Anyone can develop Android applications because of the API framework in the Application Framework layer. Besides, the Application Framework layer consists of manager bl...


Bibliographic Details
Main Author: Abdul Ghani, Saidah Mastura
Format: Thesis
Language: English
Published: 2023
Subjects:
Online Access: http://eprints.utem.edu.my/id/eprint/29052/
https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=123843
author Abdul Ghani, Saidah Mastura
description Android is an open-source mobile operating system that is gaining popularity among users. Anyone can develop Android applications because of the API framework in the Application Framework layer. In addition, the Application Framework layer consists of manager blocks that can be used to access data on an Android device, making it the most vulnerable layer and the one that malware developers like to exploit. This thesis develops an enhanced framework to detect Android malware applications using Application Framework layer components. Static analysis was selected for developing the proposed enhanced framework. The proposed enhanced framework can be used to overcome the weaknesses of recent frameworks, which do not categorize the API into hierarchical levels and use inappropriate input for API data collection. An experiment was then carried out to test the effectiveness of the proposed enhanced framework using API and manager classes as parameters. Using Decision Tree, k-Nearest Neighbour and Random Forest algorithms, the results were analysed and the performance of the proposed enhanced framework was validated using Confusion Matrix calculation. The best performance of the proposed enhanced framework was obtained using the Decision Tree algorithm in both categories, with accuracy of 82.75% for the API category and 86.00% for the manager classes category. Although the performance of the detection rate was low, the proposed enhanced framework can still identify malware behaviour using the categorization of APIs according to their hierarchical level. To improve performance, a combination of parameters should be used instead of a single parameter, and a combination of dynamic and static analysis techniques should also be used in future research.
format Thesis
id utem-29052
institution Universiti Teknikal Malaysia Melaka
language English
publishDate 2023
record_format EPrints
record_pdf Restricted
spelling utem-29052 2025-12-03T07:04:26Z http://eprints.utem.edu.my/id/eprint/29052/ Enhanced android malware detection framework using API application framework layer Abdul Ghani, Saidah Mastura QA75 Electronic computers. Computer science QA76 Computer software TK Electrical engineering. Electronics Nuclear engineering 2023 Thesis NonPeerReviewed text en http://eprints.utem.edu.my/id/eprint/29052/1/Enhanced%20android%20malware%20detection%20framework%20using%20API%20application%20framework%20layer.pdf text en http://eprints.utem.edu.my/id/eprint/29052/2/Enhanced%20android%20malware%20detection%20framework%20using%20API%20application%20framework%20layer.pdf Abdul Ghani, Saidah Mastura (2023) Enhanced android malware detection framework using API application framework layer. Masters thesis, Universiti Teknikal Malaysia Melaka. https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=123843
thesis_level Master
title Enhanced android malware detection framework using API application framework layer
topic QA75 Electronic computers. Computer science
QA76 Computer software
TK Electrical engineering. Electronics Nuclear engineering
url http://eprints.utem.edu.my/id/eprint/29052/
https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=123843