Static Detection Method of Android Adware Based on Improved Random Forest Algorithm

doi:10.3969/j.issn.1671-1122.2023.02.010

Abstract

Abstract:

Android adware shows advertisement in a disruptive way, and has the possibility to further transform into malware which posed a serious threat to user’s smartphone. The traditional adware detection method has high time costs and depends on dynamic feature of Android adware, making it difficult to respond to large-scale, high-precision detection requirements. To solve this problem, an Android adware static detection method based on improved random forest algorithm was proposed. Based on the characteristics of android adware, on the basis of traditional application programming interface, permission and intent, the third party library was included in the scope of feature selection. Statically decompile all the APK of adware collected in the dataset and extract the static information from them, and the static information was statistically analyzed to obtain the high-frequency information. After filtering this information, the base feature set was determined, and the static information in each APK was extracted and transforms into the feature vector, based on the idea of ensemble, used a variety of feature selection algorithms to joinly select features for model training and gave feature weights. Finally, the improved random forest algorithm based feature weights was used to improve the accuracy of the classifier, 5751 adware and 3465 non-adware application were selected for classification detection. The experimental results prove that the method has a faster speed while ensuring the accuracy.

Key words: Android, adware, static detection, machine learning

CLC Number:

TP309

HU Zhijie, CHEN Xingshu, YUAN Daohua, ZHENG Tao. Static Detection Method of Android Adware Based on Improved Random Forest Algorithm[J]. Netinfo Security, 2023, 23(2): 85-95.

Figures/Tables 14

References 22

[1]	STATCOUNTER. Mobile Operating System Market Share Worldwide[EB/OL]. (2021-09-01)[2022-09-01]. https://gs.statcounter.com/os-market-share/mobile/worldwide.
[2]	CHEBYSHEV V. Mobile Malware Evolution 2020[EB/OL]. (2020-03-01)[2022-09-01]. https://securelist.com/mobile-malware-evolution-2020/101029/.
[3]	DARTMOUTH. A Course on Android Malware Analysis[EB/OL]. (2020-12-14)[2022-09-01]. https://www.youtube.com/watch?v=CwCOGf4Uunk.
[4]	NDAGI J Y, ALHASSAN J K. Machine Learning Classification Algorithms for Adware in Android Devices: A Comparative Evaluation and Analysis[C]// IEEE. 2019 15th International Conference on Electronics, Computer and Computation. New York: IEEE, 2019: 1-6.
[5]	IDESES I, NEUBERGER A. Adware Detection and Privacy Control in Mobile Devices[C]// IEEE. Electrical & Electronics Engineers in Israel. New York: IEEE, 2014: 1-5.
[6]	LEE K, PARK H. Malicious Adware Detection on Android Platform Using Dynamic Random Forest[C]// Springer. 13th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing. Berlin:Springer, 2019: 609-617.
[7]	SURESH S, DI T F, POTIKA K, et al. An Analysis of Android Adware[J]. Journal of Computer Virology and Hacking Techniques, 2019, 15(3): 147-160. doi: 10.1007/s11416-018-0328-8 URL
[8]	BAGUI S, BENSON D. Android Adware Detection Using Machine Learning[J]. International Journal of Cyber Research and Education, 2021, 3(2): 1-19
[9]	LIU Bin, NATH S, GOVINDAN R, et al. DECAF: Detecting and Characterizing Ad Fraud in Mobile Apps[C]// USENIX. 11th USENIX Symposium on Networked Systems Design and Implementation. Berkeley: USENIX, 2014: 57-70.
[10]	DONG Feng, WANG Haoyu, LI Li, et al. FraudDroid: Automated Ad Fraud Detection for Android Apps[C]// ACM. 26th ACM Joint Meeting on European Software Engineering Conference/ Symposium on the Foundations of Software Engineering. New York: ACM, 2018: 257-268.
[11]	LIU Tianming, WANG Haoyu, LI Li, et al. MadDroid: Characterising and Detecting Devious Ad Content for Android Apps[C]// ACM. 29th World Wide Web Conference. New York: ACM, 2020: 1715-1726.
[12]	DOGTIEV A. Top Mobile Advertising Companies (2021)[EB/OL]. (2021-12-23)[2022-09-27]. https://www.businessofapps.com/ads.
[13]	DOGTIEV A. Real Time Bidding Advertising Networks[EB/OL]. (2021-12-23)[2022-08-26]. https://www.businessofapps.com/ads/real-time-bidding-rtb/.
[14]	TREND MICRO. Mobile Ad Fraud Schemes: How They Work, and How to Defend Against Them[EB/OL]. (2019-04-26)[2022-07-17]. https://www.trendmicro.com/vinfo/us/security/news/mobile-safety/mobile-ad-fraud-schemes-how-they-work-and-how-to-defend-against-them.
[15]	WANG Haoyu, GUO Yao, MA Ziang, et al. WuKong: a Scalable and Accurate Two-Phase Approach to Android App Clone Detection[C]// ACM. 2015 International Symposium on Software Testing & Analysis. New York: ACM, 2015: 71-82.
[16]	GOLOVIN I, KIVVA A. Aggressive in-App Advertising in Android[EB/OL]. (2020-05-25)[2022-09-01]. https://securelist.com/in-app-advertising-in-android/97065/.
[17]	GOLOVIN I, KIVVA A. An Advertising Dropper in Google Play[EB/OL]. (2019-08-27)[2022-09-16]. https://securelist.com/dropper-in-google-play/92496/.
[18]	MA Ziang, WANG Haoyu, GUO Yao, et al. LibRadar: Fast and Accurate Detection of Third-Party Libraries in Android Apps[C]// IEEE. 2016 IEEE/ACM 38th International Conference on Software Engineering Companion. New York: IEEE, 2017: 653-656.
[19]	LI Li, BISSYANDE T F, KLEIN J, et al. An Investigation into the Use of Common Libraries in Android Apps[C]// IEEE. 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering. New York: IEEE, 2016: 403-414.
[20]	HAN Hui, WANGWenyuan, MAOBinghuan. Borderline-SMOTE: A New Over-Sampling Method in Imbalanced Data Sets Learning[C]// Springer. 2005 International Conference on Intelligent Computing. Berlin:Springer, 2005: 878-887.
[21]	HE Haibo, BAI Yang, GARCIA E A, et al. ADASYN: Adaptive Synthetic Sampling Approach for Imbalanced Learning[C]// IEEE. 2008 International Joint Conference on Neural Networks. New York: IEEE, 2008: 1322-1328.
[22]	SEBASTI’AN S, CABALLERO J. AVclass2: Massive Malware Tag Extraction from AV Labels[C]// ACM. Annual Computer Security Applications Conference. New York: ACM, 2020: 42-53.

硬件配置	软件配置
Intel(R) Core(TM) i7-9750H CPU @2.60 GHz 2.59 GHz	Windows 10 (64 bit) PyCharm 2021
16.0 GB RAM	AndroGuard Jupyter Notebook

算法	Recall	Precision	F1值
SVM	99.78%	100%	99.89%
RF	99.92%	99.98%	99.95%
NB	100%	70.05%	82.39%
Bagging	100%	65.08%	78.85%
DT	99.94%	99.94%	99.94%
W-RF	99.99%	99.95%	99.97%

算法	Recall	Precision	F1值
SVM	99.66%	99.67%	99.66%
RF	99.96%	99.97%	99.97%
NB	100%	69.55%	82.04%
Bagging	100%	64.39%	78.34%
DT	99.94%	99.94%	99.94%
W-RF	100%	99.93%	99.97%