Detecting Hidden Malware in Android Applications Using Dynamic Analysis

Authors

  • اناس ليلى, Department of Computer Systems and Networks, Faculty of Informatics Engineering, Latakia University, Latakia, Syria
  • حنين حسن, Department of Computer Systems and Networks, Faculty of Informatics Engineering, Latakia University, Latakia, Syria

Keywords:

CIC-AndMal2020, Extra Trees, HPROF, Android Profiler, MAT, Dynamic Memory Analysis, Feature Selection Technique.

Abstract

With their widespread availability, Android devices have become a primary target for various types of malware, such as viruses, Trojans, spyware, and ransomware, which threaten device security and data integrity. Although static analysis is fast and efficient, it may fail to detect malicious behaviors hidden in the code. Dynamic analysis, on the other hand, is more effective at detecting unknown or obfuscated malware.

In this research, we evaluated the performance of attack detection algorithms on Android applications based on memory behavior analysis, using the CIC-AndMal2020 dataset. We conducted three main experiments: the first evaluated the classifiers on the original dataset without reducing the feature set; the second evaluated them after reducing the feature set with a feature selection technique; and the third evaluated them after combining the original dataset with behavioral features extracted from memory dump files (HPROF) using the Android Studio Profiler and the Memory Analyzer Tool (MAT). The results showed that combining memory-extracted behavioral features with the original data contributed to a slight improvement in the accuracy of some classifiers, such as Extra Trees (from 98.02% to 98.57%) and Random Forest (from 97.91% to 98.09%), while both SVM and KNN maintained approximately the same level of accuracy. The Extra Trees model achieved the best overall performance, with a significant reduction in training time compared to the other models.

Published

2026-04-01