Light-weight Classification Model for Android Malware through the Dimensional Reduction of API Call Sequence using PCA (PCA 기반 API Call 정보의 차원 축소를 통한 경량화된 안드로이드 악성코드 분류 모델)

Dong-Ha Jeon (전동하); Soojin Lee (이수진)

doi:10.9708/jksci.2022.27.11.123

Light-weight Classification Model for Android Malware through the Dimensional Reduction of API Call Sequence using PCA

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2022, 27(11), pp.123-130
DOI : 10.9708/jksci.2022.27.11.123
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science
Received : October 12, 2022
Accepted : November 11, 2022
Published : November 30, 2022

Dong-Ha Jeon ¹, Soojin Lee ¹

¹국방대학교

Accredited

ABSTRACT

Recently, studies on the detection and classification of Android malware based on API Call sequence have been actively carried out. However, API Call sequence based malware classification has serious limitations such as excessive time and resource consumption in terms of malware analysis and learning model construction due to the vast amount of data and high-dimensional characteristic of features. In this study, we analyzed various classification models such as LightGBM, Random Forest, and k-Nearest Neighbors after significantly reducing the dimension of features using PCA(Principal Component Analysis) for CICAndMal2020 dataset containing vast API Call information. The experimental result shows that PCA significantly reduces the dimension of features while maintaining the characteristics of the original data and achieves efficient malware classification performance. Both binary classification and multi-class classification achieve higher levels of accuracy than previous studies, even if the data characteristics were reduced to less than 1% of the total size.

KEYWORDS

API-Call, PCA, Dimensional Reduction, LGBM, RF, KNN

Citation status

* References for papers published after 2023 are currently being built.

[web] Statista Research Department / Global market share smartphone operating systems of unit shipments 2014-2023 / https://www.statista.com/statistics/272307/market-share-forecast-forsmartphone-operating-systems/

[web] Statcounter / Mobile Operating System Market Share Worldwide / https://gs.statcounter.com/os-market-share/mobile/south-korea/#monthly-202108-202208

[web] Zimperium / Financially Motivated Mobile Scamware Exceeds 100M Installations / https://blog.zimperium.com/dark-herringandroid-.scamware-exceeds-100m-installations

[journal] H. Abdi / 2010 / Principal component analysis / Wiley interdisciplinary reviews: computational statistics 2(4) : 433~459

[journal] L. Shilpa / 2010 / Feature Reduction using Principal Component Analysis for Anomaly-Based Intrusion Detection on NSL-KDD / International Journal of Engineering Science and Technology 2(6) : 1790~1799

[confproc] Y. Liu / 2010 / Sketch-based streaming PCA algorithm for network-wide traffic anomaly detection / 2010 IEEE 30th International Conference on Distributed Computing Systems : 807~816

[journal] 계효선 / 2021 / PCA-Based Low-Complexity Anomaly Detection / 한국통신학회논문지 / 한국통신학회 46(6) : 941~955

[confproc] W. Subhash / 2020 / Intrusion detection system using PCA with random forest approach / 2020 International Conference on Electronics and Sustainable Communication Systems (ICESC) / IEEE : 803~808

[journal] Dissanayake, Maheshi B / 2021 / Feature Engineering for Cyber-attack detection in Internet of Things / J Wireless and Microwave Technologies 6 : 46~54

[confproc] A. Rahali / 2020 / DIDroid: Android Malware Classification and Characterization Using Deep Image Learning / Proc. of the 10th International Conference on Communication and Network Security (ICCNS2020) : 70~82

[confproc] N. Peiravian / 2014 / Machine Learning for Android Malware Detection Using Permission and API Calls / Proc. of the 2013 IEEE 25th International Conference on Tools with Artificial Intelligence : 300~305

[journal] A. D. Lorenzo / 2020 / Visualizing the outcome of dynamic analysis of Android malware with VizMal / Journal of Information Security and Applications 50

[confproc] D. S. Keyes / 2021 / EntropLyzer: Android Malware Classification and Characterization Using Entropy Analysis of Dynamic Characteristics / Proc. of the 2021 Reconciling Data Analytics, Automation, Privacy, and Security: A Big Data Challenge (RDAAPS) : 1~8

[journal] 황희진 / 2021 / Dimensionality Reduction of Feature Set for API Call based Android Malware Classification / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 26(11) : 41~49

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Light-weight Classification Model for Android Malware through the Dimensional Reduction of API Call Sequence using PCA

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Light-weight Classification Model for Android Malware through the Dimensional Reduction of API Call Sequence using PCA

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (0)

REFERENCES (14) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.