LongCGDroid: Android malware detection through longitudinal study for machine learning and deep learning
This study aims to compare the longitudinal performance between machine learning and deep learning classifiers for Android malware detection, employing different levels of feature abstraction. Using a dataset of 200k Android apps labeled by date within a 10-year range (2013-2022), we propose the Lon...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Scientific Research Support Fund of Jordan (SRSF) and Princess Sumaya University for Technology (PSUT)
2023-12-01
|
| Series: | Jordanian Journal of Computers and Information Technology |
| Subjects: | |
| Online Access: | https://www.jjcit.org/?mno=167554 |
| _version_ | 1797441209335021568 |
|---|---|
| author | Abdelhak Mesbah Ibtihel Baddari Mohamed Amine Raihla |
| author_facet | Abdelhak Mesbah Ibtihel Baddari Mohamed Amine Raihla |
| author_sort | Abdelhak Mesbah |
| collection | DOAJ |
| description | This study aims to compare the longitudinal performance between machine learning and deep learning classifiers for Android malware detection, employing different levels of feature abstraction. Using a dataset of 200k Android apps labeled by date within a 10-year range (2013-2022), we propose the LongCGDroid, an image-based effective approach for Android malware detection. We use the semantic Call Graph API representation that is derived from the Control Flow Graph and Data Flow Graph to extract abstracted API calls. Thus, we evaluate the longitudinal performance of LongCGDroid against API changes. Different models are used, machine learning models (LR, RF, KNN, SVM) and deep learning models (CNN, RNN). Empirical experiments demonstrate a progressive decline in performance for all classifiers when evaluated on samples from later periods. Whereas, the deep learning CNN model under the class abstraction maintains a certain stability over time. In comparison with eight state-of-the-art approaches, LongCGDroid achieves higher accuracy. [JJCIT 2023; 9(4.000): 328-346] |
| first_indexed | 2024-03-09T12:20:44Z |
| format | Article |
| id | doaj.art-4dc1c77bbc2a424ab19ecd75cc205e1b |
| institution | Directory Open Access Journal |
| issn | 2413-9351 2415-1076 |
| language | English |
| last_indexed | 2024-03-09T12:20:44Z |
| publishDate | 2023-12-01 |
| publisher | Scientific Research Support Fund of Jordan (SRSF) and Princess Sumaya University for Technology (PSUT) |
| record_format | Article |
| series | Jordanian Journal of Computers and Information Technology |
| spelling | doaj.art-4dc1c77bbc2a424ab19ecd75cc205e1b2023-11-30T22:41:05ZengScientific Research Support Fund of Jordan (SRSF) and Princess Sumaya University for Technology (PSUT)Jordanian Journal of Computers and Information Technology2413-93512415-10762023-12-019432834610.5455/jjcit.71-1693392249167554LongCGDroid: Android malware detection through longitudinal study for machine learning and deep learningAbdelhak Mesbah0Ibtihel Baddari1Mohamed Amine Raihla2University M'Hamed Bougara of Boumerdes University M'Hamed Bougara of Boumerdes University M'Hamed Bougara of BoumerdesThis study aims to compare the longitudinal performance between machine learning and deep learning classifiers for Android malware detection, employing different levels of feature abstraction. Using a dataset of 200k Android apps labeled by date within a 10-year range (2013-2022), we propose the LongCGDroid, an image-based effective approach for Android malware detection. We use the semantic Call Graph API representation that is derived from the Control Flow Graph and Data Flow Graph to extract abstracted API calls. Thus, we evaluate the longitudinal performance of LongCGDroid against API changes. Different models are used, machine learning models (LR, RF, KNN, SVM) and deep learning models (CNN, RNN). Empirical experiments demonstrate a progressive decline in performance for all classifiers when evaluated on samples from later periods. Whereas, the deep learning CNN model under the class abstraction maintains a certain stability over time. In comparison with eight state-of-the-art approaches, LongCGDroid achieves higher accuracy. [JJCIT 2023; 9(4.000): 328-346]https://www.jjcit.org/?mno=167554android securitymalware detectionmachine learningadjacency matrixlongitudinal evaluation |
| spellingShingle | Abdelhak Mesbah Ibtihel Baddari Mohamed Amine Raihla LongCGDroid: Android malware detection through longitudinal study for machine learning and deep learning Jordanian Journal of Computers and Information Technology android security malware detection machine learning adjacency matrix longitudinal evaluation |
| title | LongCGDroid: Android malware detection through longitudinal study for machine learning and deep learning |
| title_full | LongCGDroid: Android malware detection through longitudinal study for machine learning and deep learning |
| title_fullStr | LongCGDroid: Android malware detection through longitudinal study for machine learning and deep learning |
| title_full_unstemmed | LongCGDroid: Android malware detection through longitudinal study for machine learning and deep learning |
| title_short | LongCGDroid: Android malware detection through longitudinal study for machine learning and deep learning |
| title_sort | longcgdroid android malware detection through longitudinal study for machine learning and deep learning |
| topic | android security malware detection machine learning adjacency matrix longitudinal evaluation |
| url | https://www.jjcit.org/?mno=167554 |
| work_keys_str_mv | AT abdelhakmesbah longcgdroidandroidmalwaredetectionthroughlongitudinalstudyformachinelearninganddeeplearning AT ibtihelbaddari longcgdroidandroidmalwaredetectionthroughlongitudinalstudyformachinelearninganddeeplearning AT mohamedamineraihla longcgdroidandroidmalwaredetectionthroughlongitudinalstudyformachinelearninganddeeplearning |