Performance Analysis of Machine Learning Methods with Class Imbalance Problem in Android Malware Detection

Authors

  • Abimbola Ganiyat Akintola
  • Abdullateef Balogun University of Ilorin http://orcid.org/0000-0001-7411-3639
  • Hammed Adeleke Mojeed
  • Fatima Usman-Hamza
  • Shakirat Aderonke Salihu
  • Kayode Sakariyau Adewole
  • Ghaniyyat Bolanale Balogun
  • Peter Ogirima Sadiku

DOI:

https://doi.org/10.3991/ijim.v16i10.29687

Keywords:

Android, Malware detection, Machine learning, Data sampling

Abstract


Due to the exponential rise of mobile technology, a slew of new mobile security concerns has surfaced recently. To address the hazards connected with malware, many approaches have been developed. Signature-based detection is the most widely used approach for detecting Android malware. This approach has the disadvantage of being unable to identify unknown malware. As a result of this issue, machine learning (ML) for identifying and categorising malware apps was created. Conventional ML methods are concerned with increasing classification accuracy. However, the standard classification method performs poorly in recognising malware applications due to the unbalanced real-world datasets. In this study, an empirical analysis of the detection performance of ML methods in the presence of class imbalance is conducted. Specifically, eleven (11) ML methods with diverse computational complexities were investigated. Also, a synthetic minority oversampling technique (SMOTE) and random undersampling (RUS) are deployed to address the class imbalance in the Android malware datasets. The experimented ML methods are tested using the Malgenome and Drebin Android malware datasets that contain features gathered from both static and dynamic malware approaches. According to the experimental findings, the performance of each experimented ML method varies across the datasets. Moreover, the presence of class imbalance deteriorated the performance of the ML methods as their performances were amplified with the deployment of data sampling methods (SMOTE and RUS) used to alleviate the class imbalance problem. Besides, ML models with SMOTE technique are superior to other experimented methods. It is therefore recommended to address the inherent class imbalance problem in Android Malware detection.

Downloads

Published

2022-05-24

How to Cite

Akintola, A. G., Balogun, A., Mojeed, H. A., Usman-Hamza, F., Salihu, S. A., Adewole, K. S. ., … Sadiku, P. O. (2022). Performance Analysis of Machine Learning Methods with Class Imbalance Problem in Android Malware Detection. International Journal of Interactive Mobile Technologies (iJIM), 16(10), pp. 140–162. https://doi.org/10.3991/ijim.v16i10.29687

Issue

Section

Papers