ANOMALY DETECTION OF ANDROID MALWARE USING ONE-CLASS K-NEAREST NEIGHBOURS (OC-KNN)

Authors

  • BA Gyunka DEPARTMENT OF BRANCH OPERATIONS, CENTRAL BANK OF NIGERIA, KANO, KANO STATE, NIGERIA
  • SI Barda DEPARTMENT OF STATISTICS, CENTRAL BANK OF NIGERIA, KANO, KANO STATE, NIGERIA

Keywords:

Android, Machine Learning, Malware, One-Class Classification, Anomaly Detection, Outlier Detection, Novelty Detection, Concept Learning, k-NN

Abstract

The advent of the Android Operating System has brought remarkable, ground-breaking opportunities to the technological world. However, this breakthrough also has a very dark side: an uncontrolled, rapid and continuous release of malware in the wild, targeted at the platform and all its information and human assets. The misuse-based approaches adopted by many detection systems can no longer keep pace with the rapid, successive, high-volume releases of malware, and so cannot maintain an active defense against unknown and novel attacks. Systems capable of offering anomaly protection are thus in dire need. This study developed a normality model based on the One-Class K-Nearest Neighbour (OC-kNN) Machine Learning approach for anomaly detection of Android malware. The OC-kNN was trained, using the WEKA 3.8.2 Machine Learning Suite, through a semi-supervised procedure on a set that contained mostly benign Android application samples and a very few outliers. The OC-kNN had 88.57% true performance accuracy for normal instances, while 71.9% was recorded as true performance accuracy for outlier (unknown) instances. The false alarm rates for both normal and outlier instances were recorded as 28.1% and 11.5%. The study concluded that a One-Class Classification model is an effective approach for the detection of unknown Android malware.
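The following sketch is an added illustration of the one-class kNN idea summarised in the abstract; it is not the study's WEKA model or code. The 2-D feature vectors, `k=3`, the Euclidean distance and the 0.9 training-quantile threshold are all assumptions chosen for the example, since the abstract does not state the features or parameters used.

```python
import math

def kth_nn_dist(x, train, k, in_train=False):
    """Euclidean distance from x to its k-th nearest training point."""
    d = sorted(math.dist(x, t) for t in train)
    # When x is itself a training point, d[0] == 0 is x, so skip it.
    return d[k] if in_train else d[k - 1]

class OneClassKNN:
    """Normality model: a sample is an outlier if its k-th neighbour is too far."""
    def __init__(self, k=3, quantile=0.9):          # assumed parameters
        self.k, self.quantile = k, quantile

    def fit(self, samples):
        self.train = list(samples)
        scores = sorted(kth_nn_dist(x, self.train, self.k, True) for x in self.train)
        # Quantile threshold: the few contaminated training points fall above it.
        self.threshold = scores[min(len(scores) - 1, int(self.quantile * len(scores)))]
        return self

    def is_outlier(self, x):
        return kth_nn_dist(x, self.train, self.k) > self.threshold

def evaluate(model, normals, outliers):
    """Per-class accuracy; each false alarm rate is the complement of one of these."""
    ok_n = sum(not model.is_outlier(x) for x in normals)
    ok_o = sum(model.is_outlier(x) for x in outliers)
    return {"normal_accuracy": ok_n / len(normals),
            "outlier_accuracy": ok_o / len(outliers)}

# Constructed data: a dense benign cluster plus two unlabeled outliers, mirroring
# the "mostly benign, very few outliers" training set described in the abstract.
BENIGN = [(x, y) for x in range(5) for y in range(5)]
CONTAMINANTS = [(30, 30), (-20, 25)]
MODEL = OneClassKNN().fit(BENIGN + CONTAMINANTS)

# Constructed test sets: (6, 6) is a benign sample outside the learned region
# (a false alarm); (3.5, 3.5) is an outlier that sits among benign samples (a miss).
TEST_NORMAL = [(2.5, 2.5), (1, 2), (0.5, 3.5), (6, 6)]
TEST_OUTLIER = [(10, 10), (29, 31), (-20, 24), (3.5, 3.5)]

if __name__ == "__main__":
    print(MODEL.threshold, evaluate(MODEL, TEST_NORMAL, TEST_OUTLIER))
```

Because `k` exceeds the number of contaminated training points in any one place, a test sample next to a single contaminant, such as `(29, 31)`, is still scored as an outlier.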

 

http://dx.doi.org/10.4314/njt.v39i2.25

Published

2020-04-03

Section

Computer, Telecommunications, Software, Electrical & Electronics Engineering

How to Cite

ANOMALY DETECTION OF ANDROID MALWARE USING ONE-CLASS K-NEAREST NEIGHBOURS (OC-KNN). (2020). Nigerian Journal of Technology, 39(2), 542-552. https://nijotech.com/index.php/nijotech/article/view/2307