A Comparative Analysis of Malware Detection Methods: Traditional vs. Machine Learning

  • Zohaib Ahmad

Abstract

Mobile devices have been targeted by malicious software since their inception. Two known types of malware threat can intrude into a mobile device: independently injected applications and fraudulent applications developed to breach the device's security. Most of these fraudulent applications access data through API calls and permission requests. API calls and permission requests are essential for smooth communication between mobile devices and database servers. This research proposes an efficient classification model that concatenates API calls and permission requests to detect malicious applications. We used a dataset containing more than 15 thousand Android malware samples. We divided the data into three groups to differentiate malicious permission requests and malicious API calls from normal permission requests and normal API calls. To increase the probability of recognizing Android malware applications, we develop three distinct grouping strategies for selecting the most valuable API calls, those that are obscure, critical, and obstreperous; these are chosen because Android apps make extensive use of application programming interfaces (APIs). According to the results, malware applications request authorization to access confidential information far more frequently than normal Android applications do. Malicious Android applications also raise a diverse set of API calls to access sensitive data, as evidenced by the distinct set of API calls they make. Our proposed method attains an F-score of 94.04%, which suggests that it is efficient at discovering mobile malware applications. Our model can be of significant assistance in mobile application analysis and forensic investigations into malware.
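The pipeline the abstract outlines, a feature vector that concatenates permission requests with API calls, a frequency-based selection of the API calls that malware uses more often than benign apps, and a classifier scored by F-measure, as an added example in Python. This is not the paper's code: the app records are constructed placeholders, the Bernoulli naive Bayes model and the rate-difference ranking rule are stand-ins for whatever the paper actually used, and the permission and API names serve only as illustration.

```python
"""Permission + API-call feature concatenation for Android malware triage.

Added illustration, not the paper's code. The sample apps below are constructed
placeholders; the classifier (Bernoulli naive Bayes) and the API-ranking rule
(malware usage rate minus benign usage rate) are assumptions, not the paper's.
"""
import math

# Constructed toy corpus: (requested permissions, API calls, label); 1 = malware, 0 = benign.
SAMPLE_APPS = [
    ({"INTERNET", "READ_SMS", "SEND_SMS", "READ_PHONE_STATE"},
     {"sendTextMessage", "getDeviceId", "openConnection"}, 1),
    ({"INTERNET", "READ_CONTACTS", "READ_PHONE_STATE"},
     {"getDeviceId", "openConnection", "getSubscriberId"}, 1),
    ({"INTERNET", "SEND_SMS", "RECEIVE_SMS"},
     {"sendTextMessage", "abortBroadcast", "openConnection"}, 1),
    ({"INTERNET", "READ_PHONE_STATE", "READ_SMS"},
     {"getDeviceId", "getLine1Number", "sendTextMessage"}, 1),
    ({"INTERNET"}, {"openConnection", "setContentView"}, 0),
    ({"INTERNET", "ACCESS_FINE_LOCATION"}, {"getLastKnownLocation", "setContentView"}, 0),
    ({"CAMERA", "INTERNET"}, {"openConnection", "setContentView", "startPreview"}, 0),
    ({"INTERNET", "VIBRATE"}, {"setContentView", "vibrate"}, 0),
]


def feature_names(apps):
    """Concatenated feature space: every permission, then every API call, as one vocabulary."""
    perms = sorted({p for ps, _, _ in apps for p in ps})
    apis = sorted({a for _, calls, _ in apps for a in calls})
    return ["perm:" + p for p in perms] + ["api:" + a for a in apis]


def vectorize(perms, apis, names):
    """Binary presence vector over the concatenated vocabulary."""
    present = {"perm:" + p for p in perms} | {"api:" + a for a in apis}
    return [1 if n in present else 0 for n in names]


def rank_api_calls(apps, names, top_k=3):
    """Select the API calls malware uses most relative to benign apps.

    Score = fraction of malware apps calling the API minus fraction of benign apps
    calling it; ties are broken alphabetically so the ranking is deterministic.
    """
    mal = [vectorize(p, a, names) for p, a, y in apps if y == 1]
    ben = [vectorize(p, a, names) for p, a, y in apps if y == 0]
    scores = {}
    for i, name in enumerate(names):
        if name.startswith("api:"):
            scores[name] = sum(v[i] for v in mal) / len(mal) - sum(v[i] for v in ben) / len(ben)
    return sorted(scores, key=lambda n: (-scores[n], n))[:top_k]


class BernoulliNB:
    """Minimal Bernoulli naive Bayes with Laplace smoothing (stand-in for the paper's model)."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha

    def fit(self, X, y):
        self.classes = sorted(set(y))
        self.log_prior, self.log_p, self.log_q = {}, {}, {}
        for c in self.classes:
            rows = [x for x, label in zip(X, y) if label == c]
            self.log_prior[c] = math.log(len(rows) / len(X))
            probs = [(sum(r[i] for r in rows) + self.alpha) / (len(rows) + 2 * self.alpha)
                     for i in range(len(X[0]))]
            self.log_p[c] = [math.log(p) for p in probs]        # feature present
            self.log_q[c] = [math.log(1.0 - p) for p in probs]  # feature absent
        return self

    def predict(self, x):
        best_class, best_ll = None, -math.inf
        for c in self.classes:
            ll = self.log_prior[c] + sum(lp if xi else lq
                                         for xi, lp, lq in zip(x, self.log_p[c], self.log_q[c]))
            if ll > best_ll:
                best_class, best_ll = c, ll
        return best_class


def f_score(y_true, y_pred, positive=1):
    """F1 on the malware class: harmonic mean of precision and recall."""
    tp = sum(t == positive and p == positive for t, p in zip(y_true, y_pred))
    fp = sum(t != positive and p == positive for t, p in zip(y_true, y_pred))
    fn = sum(t == positive and p != positive for t, p in zip(y_true, y_pred))
    if tp == 0:
        return 0.0
    precision, recall = tp / (tp + fp), tp / (tp + fn)
    return 2 * precision * recall / (precision + recall)


def train(apps):
    """Fit the model on the concatenated features; returns (model, feature names)."""
    names = feature_names(apps)
    X = [vectorize(p, a, names) for p, a, _ in apps]
    y = [label for _, _, label in apps]
    return BernoulliNB().fit(X, y), names


def classify_app(model, names, perms, apis):
    """Label an unseen app: 1 = malware, 0 = benign."""
    return model.predict(vectorize(perms, apis, names))


def run_pipeline(apps=SAMPLE_APPS):
    """Rank API calls and report the resubstitution F-score (real work needs a held-out split)."""
    model, names = train(apps)
    preds = [classify_app(model, names, p, a) for p, a, _ in apps]
    return {"top_api_calls": rank_api_calls(apps, names),
            "f_score": f_score([label for _, _, label in apps], preds)}


if __name__ == "__main__":
    print(run_pipeline())
```

On this toy corpus the ranking surfaces the SMS-sending and device-identifier calls that only the constructed malware entries use, which is the pattern the abstract reports at scale. The F-score here is computed on the training set and is therefore optimistic; a practitioner reproducing the paper's 94.04% figure would hold out a test split, and would extract the permission and API sets from each app's manifest and bytecode rather than hand-write them.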
Published: 2024-04-15