On the 19th of May 2021, the College of Computing and Informatics held the Master's thesis defense of Mr. Ali Saif Al-Zaabi, entitled "An Evaluation of Different Feature Combinations for Android Smartphone Malware Detection and Categorization using Machine Learning", under the supervision of Dr. Djedjiga Mouheb, Assistant Professor at the Department of Computer Science. Special appreciation and acknowledgment go to the members of the examining committee, Prof. Madjid Merabti, Dr. Farkhund Iqbal, and Dr. Ibrahim Abaker Hashem, for their invaluable time in reviewing the research work.
The research addresses the issue of malware on Android smartphones. The Android operating system is widely used around the world. However, Android devices are vulnerable to cyber-attacks from malicious applications. This can compromise the security of the devices, thus affecting the privacy of any personal or financial information. Although solutions to counter malicious applications have been proposed, Android malware developers constantly try to come up with ways to bypass security and inflict damage on Android users.
In this context, the thesis explores and evaluates different approaches to detecting Android malware using machine learning and deep learning techniques and classifiers. In particular, the thesis proposes a framework that utilizes both dynamic and static analyses for malware identification. However, instead of analyzing the Android app statically and dynamically at the same time, the app is first analyzed in a static layer; if malware is detected there, there is no need to analyze the app dynamically. If the Android app is predicted to be benign, it goes through another layer of analysis, which uses a dynamic approach. The proposed framework improves performance because an app does not always need to be analyzed dynamically, which can be time-consuming.
Furthermore, the research categorizes the detected malware apps into their respective categories (adware, spyware, trojan, etc.) after they have been identified as malware by either of the first two layers. Categorizing malware apps can help security experts with analyzing zero-day malware.
The results of the research show that analyzing an Android app statically and training an eXtreme Gradient Boosting (XGBoost) classifier on the static features can reach an accuracy of 94% within seconds. In addition, analyzing the app dynamically and training a Linear Classifier on those features achieves an accuracy of 88%, also in a matter of seconds. Finally, for categorizing malware, a simple 4-layer Deep Neural Network achieves an accuracy of 83%.
The research presentation concluded with a summary of the benefits of the proposed framework, which uses machine learning and AI techniques for Android malware detection, as well as possible future directions. The research also emphasized the importance of developing innovative solutions to create a safe environment for Android smartphone owners, as the Android smartphone market share is over 70% globally.