Hybrid Machine Learning Model for Anticipating Cyber Crime Malware in Android: Work on Progress

Abstract

Improvements in information technology bring new challenges in cyber security, especially on the Android platform which is the main target of malware attacks. The National Cyber and Crypto Agency (BSSN) as the national cybersecurity institute recorded millions of attacks involving the Android Package Kit (.apk) application for electronic wedding invitations in Indonesia. This research aims to develop a hybrid machine learning model to detect and anticipate malware on Android devices, using algorithms such as Support Vector Machine (SVM), Random Forest (RF), and K-nearest neighbors (KNN). The main challenges are the limited number of representative datasets and the lack of effective detection techniquesThis research utilizes a primary server with a virtual machine (VM) to analyze the security of Android applications using mobSF and Frida, involving decompilation, TLS testing, and sensitive feature extraction. The system also depends on an Android emulator and Android Debug Bridge (ADB) for simulation, along with PostgreSQL, Job Scheduler, and Remote Desktop Protocol (RDP) for data management and task scheduling. The dataset comprises 1314 malware samples and 770 benign samples, totaling 2048 Android applications, with an average analysis time of 35 minutes per application. Through data collection and pre-processing, as well as model training and evaluation, it is hoped that the proposed framework can improve the accuracy of malware detection, making a significant contribution in protecting Android users from ever-evolving cyber threats. After performing a comparison using the algorithms mentioned above, it was found that the Random Forest algorithm showed the best performance with an accuracy of 97.11%, a precision of 97.22%, and a recall of 97.11%.

Author Team