
Enhancing Sustainability of an Android Malware Detection Technique using K-means Clustering

  • Journal of Software Assessment and Valuation
  • Abbr : JSAV
  • 2024, 20(3), pp.21-32
  • DOI : 10.29056/jsav.2024.09.03
  • Publisher : Korea Software Assessment and Valuation Society
  • Research Area : Engineering > Computer Science
  • Received : September 7, 2024
  • Accepted : September 20, 2024
  • Published : September 30, 2024

Seongwon Jeong 1 Seokhyun Ahn 1 SEONG JE CHO 1 Dongjae Kim 1 Youngsup Hwang 2

1 Dankook University
2 Sun Moon University

Accredited

ABSTRACT

Traditional machine learning-based techniques for detecting malicious Android apps (malware) have limitations in detecting new types of malware due to concept drift. In other words, traditional machine learning-based malware detection techniques may not be sustainable. Concept drift refers to the evolving nature of malware features over time and the resulting degradation in the performance of machine learning-based detection models. In this paper, we propose a technique to improve the sustainability of the method for detecting Android malware using API call information and machine learning. In the proposed technique, apps are first grouped using K-means clustering, and then classification models are applied to detect malicious apps for each group. In the K-means clustering, the elbow method is used to find the optimal k value, and thresholding and hyperparameter optimization processes are applied to the classifiers for each cluster. The classifiers include random forest, K-nearest neighbor, and AdaBoost. The experimental results show that the random forest classifier achieved the highest performance, with the F1 score and AUT value calculated by the micro-means method being improved by 20.1%p and 20.4%p, respectively, compared to the traditional random forest model.
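The evaluation flow the abstract describes (route each app to its cluster, apply that cluster's threshold, pool the results into one F1 per time period, then summarize over time with AUT) can be sketched as follows. This is an added example, not the paper's code. It assumes that the micro method pools TP/FP/FN counts across clusters and that AUT is the normalized trapezoidal area under the metric over consecutive test periods; centroids, thresholds, scores and labels are all constructed.

```python
from math import dist

# Constructed setup: two K-means centroids over 2-D API-call features and a
# decision threshold tuned separately for each cluster (all values assumed).
CENTROIDS = [(0.0, 0.0), (10.0, 10.0)]
THRESHOLDS = [0.5, 0.8]

# Constructed test periods: (features, per-cluster classifier score, label),
# label 1 = malware. Scores stand in for e.g. random-forest probabilities.
PERIODS = [
    [((1, 0), 0.90, 1), ((0, 1), 0.20, 0), ((9, 10), 0.85, 1), ((10, 9), 0.30, 0)],
    [((1, 1), 0.60, 1), ((0, 2), 0.55, 0), ((9, 9), 0.70, 1), ((11, 10), 0.90, 1)],
    [((2, 1), 0.40, 1), ((1, 2), 0.70, 0), ((10, 11), 0.95, 1), ((9, 11), 0.75, 1)],
]

def nearest_cluster(x):
    """Index of the closest centroid (how a new app is assigned to a group)."""
    return min(range(len(CENTROIDS)), key=lambda i: dist(x, CENTROIDS[i]))

def predict(x, score):
    """Apply the threshold of the app's own cluster to its classifier score."""
    return int(score >= THRESHOLDS[nearest_cluster(x)])

def micro_f1(samples):
    """Pool TP/FP/FN over all clusters, then compute a single F1 (assumed)."""
    tp = fp = fn = 0
    for x, score, label in samples:
        pred = predict(x, score)
        tp += pred == 1 and label == 1
        fp += pred == 1 and label == 0
        fn += pred == 0 and label == 1
    denom = 2 * tp + fp + fn
    return 2 * tp / denom if denom else 0.0

def aut(values):
    """Normalized trapezoidal area under a metric across N >= 2 periods."""
    n = len(values)
    if n < 2:
        raise ValueError("AUT needs at least two test periods")
    return sum((values[k] + values[k + 1]) / 2 for k in range(n - 1)) / (n - 1)

def evaluate():
    """Per-period micro F1 and the AUT that summarizes its decay over time."""
    f1s = [micro_f1(period) for period in PERIODS]
    return f1s, aut(f1s)

if __name__ == "__main__":
    print(evaluate())
```

The falling per-period F1 in the constructed data mimics concept drift; AUT condenses that decay into one number, so a more sustainable detector scores closer to 1.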
