FABLDroid: Malware detection based on hybrid analysis with factor analysis and broad learning methods for android applications
The Android operating system, which is popular on mobile devices, creates concerns for users due to the malware it is exposed to. Android allows applications to be downloaded and installed outside the official application store. Applications installed from third-party environments threaten users’ pr...
Main Authors: | Kazım Kılıç, İsmail Atacak, İbrahim Alper Doğru |
---|---|
Format: | Article |
Language: | English |
Published: | Elsevier, 2025-02-01 |
Series: | Engineering Science and Technology, an International Journal |
Subjects: | Broad learning; Android malware; Hybrid analysis; Factor analysis; Artificial intelligence |
Online Access: | http://www.sciencedirect.com/science/article/pii/S2215098624003318 |
_version_ | 1832087469015695360 |
---|---|
author | Kazım Kılıç, İsmail Atacak, İbrahim Alper Doğru |
collection | DOAJ |
description | The Android operating system, which is popular on mobile devices, creates concerns for users due to the malware it is exposed to. Android allows applications to be downloaded and installed outside the official application store. Applications installed from third-party environments threaten users’ privacy and security. Deep learning-based methods are popular for detecting Android malware. However, deep learning methods contain a large number of parameters, have high memory consumption, and are graphics-card-dependent architectures. To overcome these difficulties, a detection architecture is presented that uses the lightweight broad learning method, which provides high detection performance as an alternative to the layer stacking found in deep structures. Our method is based on a lightweight deep neural network architecture that uses broad learning to reveal hidden factors for detecting Android malware. The proposed architecture uses the Factor Analysis (FA) dimension reduction method to reveal hidden factors within the hybrid features of Android applications. The features extracted by factor analysis are expanded using the broad learning method and fed to a deep neural network with two hidden layers. In the proposed method, the learning ability of the deep neural network architecture, which has strong computational ability, is increased with the broad learning technique. The Kronodroid dataset is used to validate our approach. It consists of malware and benign applications and is specifically designed to examine and explore the concept drift and cross-device detection issues in the problem domain. The Kronodroid dataset contains different datasets obtained from both real devices and emulator runtimes. The tests of our method were carried out separately with the features extracted in the real device and emulator runtimes. In this way, the behaviors of malicious applications in different environments were compared. In order to verify the effectiveness of the factor analysis method, the classification performance was measured by extracting 32, 64, 128, and 256 features with different dimensionality reduction techniques. As a result of the experiments conducted using different rates of expansion with the broad learning method, a 98.20% accuracy value was achieved on the real device dataset with the proposed architecture. An accuracy value of 97.90% was produced on the emulator dataset. In order to compare the proposed method on different datasets, 4000 applications were downloaded from the Androzoo environment to create a hybrid feature dataset. The proposed method achieved 98.40% accuracy on the Androzoo dataset. The experimental results reveal that the broad learning method increases the performance compared to the raw features. The findings show that the proposed broad learning-based method exhibits successful performance compared to similar studies based on deep learning using ensemble learning methods and layer stacking. |
format | Article |
id | doaj-art-2d8cec25af0644e5b79cca0a1a6439a8 |
institution | Kabale University |
issn | 2215-0986 |
language | English |
publishDate | 2025-02-01 |
publisher | Elsevier |
record_format | Article |
series | Engineering Science and Technology, an International Journal |
spelling | doaj-art-2d8cec25af0644e5b79cca0a1a6439a8; 2025-02-06T05:11:51Z; eng; Elsevier; Engineering Science and Technology, an International Journal; 2215-0986; 2025-02-01; 62101945; FABLDroid: Malware detection based on hybrid analysis with factor analysis and broad learning methods for android applications; Kazım Kılıç (0), İsmail Atacak (1), İbrahim Alper Doğru (2); (0) IoTLab, Department of Computer Engineering, Gazi University, Ankara, Turkey; Department of Computer Engineering, Graduate School Natural of Applied Sciences, Gazi University, Ankara, Turkey; Corresponding author at: IoTLab, Department of Computer Engineering, Gazi University, Ankara, Turkey. (1) IoTLab, Department of Computer Engineering, Gazi University, Ankara, Turkey; (2) IoTLab, Department of Computer Engineering, Gazi University, Ankara, Turkey; http://www.sciencedirect.com/science/article/pii/S2215098624003318; Broad learning; Android malware; Hybrid analysis; Factor analysis; Artificial intelligence |
title | FABLDroid: Malware detection based on hybrid analysis with factor analysis and broad learning methods for android applications |
topic | Broad learning; Android malware; Hybrid analysis; Factor analysis; Artificial intelligence |
url | http://www.sciencedirect.com/science/article/pii/S2215098624003318 |