PROTOTYPE AND EXPERIMENTAL RESULTSWe built a prototype application to demonstrate proof of the concept. The application is built using Java platform. Java Swing API is used to have intuitive user interface while the IO mechanisms are used to deal with file handling. The detection of malware is preceded by the classifier building with proposed pruning approach. FIGURE 2: Shows Android mobile app permissions As can be shown in Figure 2, there are around 135 Android permissions taken as initial input.
Afterwards based on the significance in detecting malware, they are pruned further. FIGURE 3: After completion of pruning the remaining permission are given ranking As shown in Figure 3, it is evident that every permission is given ranking. The permissions that remained after pruning process are considered to give ranking.
EVALUATIONWe evaluated the proposed methodology with an empirical study. The detection accuracy of different algorithms is presented in Table 1. Algorithms Detection AccuracyLibSVM 0.6J48 0.
8ICFS 0.93Proposed 0.97TABLE 1: Detection accuracy comparisonAs can be seen in Table 1, the detection accuracy of the algorithm is compared.
The proposed algorithm exhibited 0.97 accuracy in detection of malware. It is comparatively better performance when ICFS, J48 and LibSVM are considered FIGURE 4: Malware detection accuracy As presented in Figure 3, it is evident that there are many classifiers compared with the proposed one. The LibSVM showed lest accuracy while proposed method showed highest accuracy. No. of Features Precision Recall5 91.29% 83.
90%10 90.21% 90.24%15 90.21% 91.21%20 90.
47% 91.65%25 90.64% 91.77%30 91.27% 90.58%35 91.
83% 90.05%40 96.28% 86.19%45 96.
28% 85.94%50 96.34% 85.82%55 96.35% 85.80%135 98.
81% 83.73%TABLE: Evaluation of the proposed algorithm The proposed algorithm is evaluated with measures like precision and recall. A shown in Table 2, the precision and recall values are presented against number of features considered. FIGURE 5: Precision and recall of the proposed algorithm against number of featuresAs can be seen in Figure 4, the number of features is presented in horizontal axis. The values are taken from 5 to 135 incremental by 5 gradually. The precision and recall values showed in vertical axis are showing the performance of the proposed method. The precision and recall will have tradeoffs.
It does mean that when precision is decreasing recall increase and vice versa.