The widespread adoption of Android smartphones has made them increasingly attractive and vulnerable to malicious cyber threats. Such malware can jeopardize user privacy, steal personal data, and inflict considerable damage. This creates an urgent need for effective malware detection methods for Android systems. Traditional signature-based approaches fall short as malware developers continuously devise new evasion techniques. Consequently, developing sophisticated and cutting-edge malware detection strategies is essential to safeguard Android users’ security and protect their personal information. To tackle this issue, in this paper, we propose a novel approach leveraging several Machine Learning (ML) and Deep Learning (DL) techniques to analyze network traffic to identify and detect malware on Android-based systems. We applied ML and DL techniques to analyze a comprehensive dataset consisting of malicious and benign APKs for network traffic. Specifically, we implemented the model using Decision Tree, KNearestNeighbour, Random Forest, XGBoost, Logistic Regression, Support Vector Machine, and Deep Neural Network. XGB Classifier outperforms other models with an F1-score (weighted) of 0.9323. Furthermore, we interpreted the model’s decisions using SHapley Additive exPlanations, Local Interpretable Model-agnostic Explanations, and counterfactual analysis. Our method enhances the precision and clarity of mobile malware detection, deepens our understanding of the characteristics of malicious Android applications, and advances the overarching goal of improving mobile security.

Network Traffic-Based Malware Detection for Android Devices

Nicolazzo S.;Nocera A.;
2025-01-01

Abstract

The widespread adoption of Android smartphones has made them increasingly attractive and vulnerable to malicious cyber threats. Such malware can jeopardize user privacy, steal personal data, and inflict considerable damage. This creates an urgent need for effective malware detection methods for Android systems. Traditional signature-based approaches fall short as malware developers continuously devise new evasion techniques. Consequently, developing sophisticated and cutting-edge malware detection strategies is essential to safeguard Android users’ security and protect their personal information. To tackle this issue, in this paper, we propose a novel approach leveraging several Machine Learning (ML) and Deep Learning (DL) techniques to analyze network traffic to identify and detect malware on Android-based systems. We applied ML and DL techniques to analyze a comprehensive dataset consisting of malicious and benign APKs for network traffic. Specifically, we implemented the model using Decision Tree, KNearestNeighbour, Random Forest, XGBoost, Logistic Regression, Support Vector Machine, and Deep Neural Network. XGB Classifier outperforms other models with an F1-score (weighted) of 0.9323. Furthermore, we interpreted the model’s decisions using SHapley Additive exPlanations, Local Interpretable Model-agnostic Explanations, and counterfactual analysis. Our method enhances the precision and clarity of mobile malware detection, deepens our understanding of the characteristics of malicious Android applications, and advances the overarching goal of improving mobile security.
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11571/1556436
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact