Murat DENER, Yusuf SÖNMEZ, Meltem SALMAN

CICMalDroid2020 Veri Kümesi Kullanılarak Kötü Amaçlı Yazılım Tespiti için Makine Öğrenimi Algoritmalarının Performans Analizi

Teknolojideki gelişmelere paralel olarak bilgiye erişim kolaylaşmıştır. Bu durumun hayatımıza pozitif etkisi olsa da bilginin hedef haline geldiği kaçınılmaz bir gerçektir. Kötü amaçlı kişiler tarafından bilgilerin çalınması, tehdit unsuru olarak kullanılması bilgi güvenliği konusunda endişelere sebep olmuştur. Bu amaçlarla geliştirilen kötücül yazılımlar, bilginin güvenliği açısından büyük bir tehlike oluşturmaktadır. Bilgiye erişim kolaylaştıkça artan bu durum karşısında araştırmacılar, kötücül yazılımların tespiti, engellenmesi ve bilgi güvenliğinin sağlanması konusunda çalışmalarına hız kazandırmışlardır. Literatürde, farklı çalışmalar ile kötücül yazılımların tespiti gerçekleştirildiği görülmektedir. Bu çalışmada ise, kötücül yazılım tespiti WEKA programı kullanarak gerçekleştirilmiştir. CICMalDroid2020 veri seti ile yapılan analizlerde, farklı makine öğrenmesi sınıflandırıcılarının, özellik çıkarımının ve en iyi sonucu veren sınıflandırmanın performansını etkileyen parametrelerin etkisi incelenmiştir. Sonuçlar, detaylı bir şekilde aktarılmıştır.

Anahtar Kelimeler:

Kötücül yazılım tespiti, CICMaldroid2020, WEKA, Makine öğrenimi

Performance Analysis of Machine Learning Algorithms for Malware Detection by Using CICMalDroid2020 Dataset

In parallel with the developments in technology, access to information has become easier. Although this situation has a positive effect on our lives, it is an inevitable fact that information has become a target by malicious people. Theft of information and its use as a threat by these people have caused concerns about information security. Malware developed for these purposes poses a great danger to the security of information. In the face of this situation, which increases as access to information becomes easier, researchers have accelerated their work on detecting and preventing malware and ensuring information security. In the literature, it is seen that the detection of malicious software has been carried out with different studies. In this study, malware detection was carried out using the WEKA program. The effects of different machine learning classifiers, feature extraction and the parameters that affect the performance of the classification that gives the best result were examined in the analyzes made with the CICMalDroid2020 dataset. The results are presented in detail.

Keywords:

Malware detection, CICMalDroid2020, WEKA, Machine learning,

PDF

___

[1] Martín, J. A. Hernández and S. de los Santos, “Machine-Learning based analysis and classification of Android malware signatures,” Future Generation Computer Systems, vol. 97, pp. 295–305, 2019.
[2] S.Wu, P. Wang , X. Li and Y. Zhang, “Effective detection of android malware based on the usage of data flow APIs and machine learning,” Information and Software Technology, vol. 75, pp. 17–25, 2016.
[3] F. Martinelli, F. Mercaldo, V. Nardone, A. Santone and G.Vaglini, “Model checking and machine learning techniques for HummingBad mobile malware detection and mitigation,” Simulation Modelling Practice and Theory, 2020.
[4] R. Surendran, T.Thomas and S. Emmanuel, “A TAN based hybrid model for android malware detection,” Journal of Information Security and Applications, vol. 54, 2020.
[5] A. Razgallah, R. Khoury, S. Hallé and K. Khanmohammadi, “A survey of malware detection in Android apps: Recommendations and perspectives for future research,” Computer Science Review, vol. 39, 2021.
[6] X. Wang and C. Li, “Android malware detection through machine learning on kernel task structures,” Neurocomputing, vol. 435, pp. 126–50, 2021.
[7] N. Milosevic and A. Dehghantanha, “Choo KR. Machine learning aided Android malware classification R,” Computers and Electrical Engineering, vol. 61, pp. 266–74, 2017.
[8] Y. Bai, Z. Xing, D. Ma, X. Li and Z. Feng, “Comparative analysis of feature representations and machine learning methods in Android family classification,” Computer Networks, vol. 184, 2021.
[9] Z. U. Rehman, S. N. Khan, K. Muhammad, J. W. Lee,Z. Lv, S. W. Baik, et al. “Machine learning-assisted signature and heuristic-based detection of malwares in Android devices,” Computers and Electrical Engineering, vol. 69, pp. 828–41, 2018.
[10] Z. Chen, Q. Yan, H. Han, S.Wang, L. Peng, L. Wang, et al. “Machine learning based mobile malware detection using highly imbalanced network traffic,” Information Sciences, 2018.
[11] S. Mahdavifar, A. F. Abdul Kadir, R. Fatemi, D. Alhadidi and A. A. Ghorbani, “Dynamic Android Malware Category Classification using Semi-Supervised Deep Learning.” Proceedings - IEEE 18th International Conference on Dependable, Autonomic and Secure Computing, IEEE 18th International Conference on Pervasive Intelligence and Computing, IEEE 6th International Conference on Cloud and Big Data Computing and IEEE 5th Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2020.
[12] D. Rathi and R. Jindal, “DroidMark: A Tool for Android Malware Detection using Taint Analysis and Bayesian Network,” International Journal on Recent Trends in Computing and Communication, vol. 6, pp. 71-76, 2018.