International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 04 Issue: 07 | July -2020
Evaluation of Machine Learning for Smart Phone
Malware Detection
Rahul Kumar Mahato
ARKA JAIN University, Jamshedpur-831014, India
Abstract - In the current era most of the safety downside
faces the external threats and attacks. These attacks square
measure destroyed the dear information and injury the
growing up organization. the foremost of viruses’ attacks or
Malware attacks square measure pool up all the data and
injury the software system and corrupt the dear information.
during this on top of downside, central intelligence service
(CIA triad) has organized a sorted Security system to stop the
external threat and completely different Attacked like malware
square measure larva, ransom ware, adware, key loggers,
viruses, Trojan horses, worms et al.. The exponential growth
of malware is motility a good danger to the security of
counseling. This study did the performance evaluation of some
classification algorithms like J45, LMT, Random Forest,
Naïve Bayes, MLP Classifier, Random Tree, REP Tree, Ada
Boost, Bagging, K-Star, straightforward logistical, IBK, LWL,
SVM, and RBF Network. The performance of the algorithms
was evaluated in terms of Accuracy, Precision, Recall,
alphabetic character Statistics, F-Measure, Matthew
parametric statistic, Receiver Operator Characteristics Area
and Root Mean square Error victimization wood hen machine
learning and data processing simulationtool.
Keyword: - Malware, classification-algorithms, attacks,
Random Forest, security.
I. INTRODUCTION
Malware is any variety of program that's anticipated to make
for destruction to the pc system and network. samples of
malware are larva, ransom-ware, adware, key loggers, viruses,
Trojan horses, worms, and others. The exponential
intensification of malware is sitting an excellent hazard to the
security of to not be disclosed data. the matter with many of
the present classification algorithms is their low performance
in term of their ability to find and stop malware from infecting
the pc system. there's an urgent got to weigh up the
presentation of the present Machine Learning categorization
algorithms used for malware recognition. this may facilitate in
produce additional strong and strong algorithms that have the
competency to beat the weakness of the present algorithms.
This study did the performance analysis of some
categorization algorithms such as J45, LMT, Naïve Bayes,
Random Forest, MLP Classifier, Random Tree, REP Tree,
Bagging, Ada-Boost, K-Star, straightforward logistical, IBK,
LWL, SVM, and RBF Network. The performance of the
algorithms are assess in terms of Accuracy, Precision, Recall,
alphabetic character Statistics, F-Measure, Matthew
correlation, Receiver Operator Characteristics space and Root
Mean square Error exploitation WEKA machine learning and
data processing simulation tool. Our experimentalresults
© 2020, IJSREM | www.ijsrem.com
ISSN: 2582-3930
showedthat Random Forest algorithmic program produced the
simplest accuracy of ninety nine.2%. This absolutely indicates
that the Random Forest algorithmic program achieves sensible
accuracy rates in detective work malware. The breakthrough
in web technology and pc networking have created high speed
shared web doable. The result of this development is that the
daily increase within the number of pc systems that became
vulnerable to malware attacks [1, 2]. The innovation has
created the net a huge repository wherever resources square
measure virtualized and used to the need of users. Despite the
vast edges that the internet revolution has brought, there
square measure various challenges that it conjointly poses to
the safety of pc systems. The conventional ADP system is
entirely centered on one host machine running software
package, whereas many machines connected to the host square
measure running on the guest operating system [1]. The
prevailing security threat braving the users is that the attack on
a ADP system by malicious programs that unfold to
alternative computers that haven't been infected [3]. The threat
display by malware infections has become a serious challenge
within the field of pc security over the years. the amount of
latest malware on the net keep on increasing at AN menacing
rate at the same time as anti-virus companies square measure
creating effort to curtail the trend thus on create the immense
range of human safe. Malware has evolved over time and is
changing into a lot of refined than before. It is now harder to
discover them. there's so the necessity to invent a lot of
economical techniques that may discover and forestall these
attacks. Malware could be a trojan horse that infringes on the
safety of a ADP system in terms of privacy, reliability, and
accessibility of information [3]. This trend has created
academicians and trade practitioners to maneuver from the
conventional static detection techniques [4, 5] to more
dynamic, refined and spontaneous strategies that applies
accumulated malware behavior to discover malware attacks
six,[7, 8]. A malware will merely be outlined as a malicious
program that the user unsuspectingly install on their machine
and later these programs will begin to disrupt the proper
operation of the machine or may continue unnoticed and
perform malicious actions while not been detected [9]. When
the wrongdoer gains management of the machine, he will then
have access to any info hold on the machine. Some of the
deceptive approaches accustomed install malware on the
computer system through the net embrace repackaging the
software, update attack [9] or want for transfer [10]. The
attacker employs any of the ways mentioned before to create
malicious package by inserting an explicit form of malware
into it before uploading it to the net. Malware can be
delineated as varied sorts of package, that have the capacity to
create mayhem on a ADPS or lawlessly make use of thisinfo
Page 1
 International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 04 Issue: 07 | July -2020
while not the consent of the users[6,7]. Malware are often
classified in varied sorts, for instance, Botnet, Backdoor,
Ransom-ware, Root-kits, Virus, Trapdoor. they're accustomed
attack laptop systems and for performing criminal activities
like scam, phishing, service misuse and root access thirteen.
A. Types ofMalware
For some time currently, differing types of malware are
performing numerous malicious activities on laptop systems.
These activities vary from just displaying undesirable subject
to completely hijacking the pc system from the user and
denying them access to that. the foremost well-liked and
frequently noticed malware include:
Trojan Horse- may be a program that appears harmless and
useful to users like all different authentic software system.
However, after opening the applying, this malware distributes
another malicious codes that corrupt the files and applications
put in on the pc, and conjointly steal sensitive data like
password. not like laptop viruses and worms, Trojans require
interaction with users to breed themselves. This makes
Trojans one in all the foremost damaging and unsafe types of
malware as a result of it's principally discovered when it's
affected the pc system [4]. consistent with [5], Trojan horse
may be categorized into 2 main groups: General Trojan and
Remote-Access Trojan. General Trojans: this kind of Trojans
includes a big selection of malicious activities. They can
threaten knowledge integrity of victim machines. they will airt
victim machines to a specific computing device by exchange
system files that contain URLs. they will install many
malicious software on victim computers. they will even track
user activities, save that data then send it to the attacker.
Remote Access Trojans: we are able to claim hat they're the
most dangerous form of Trojan. they need the special
capability that permits the offender to remotely management
the victim machine via a local area network or web. this kind
of Trojan will be educated by the offender for malicious
activities like harvesting counseling from the victim machine.
Examples of Trojan Horses area unit Remote access Trojans
(RATs), Backdoor Trojans (backdoors), IRC Trojans (IRC
bots), Key workTrojans.
Virus- Virus as a malware that includes a self-replicating
nature. It is constructed to change or top the functioning of a
computer. It multiplies by 1st infecting one program. It is a
kind of malware that may cause serious injury varied from the
computer system just displaying absolute errors in making the
system expertise a Denial of Service (DoS) attack. What
distinguishes a virulent disease from a Trojan is that the
ability of a virulent disease to duplicate itself by attaching
itself to different valid software and become a locality of them.
Viruses area unit sometimes propagated through repeating of
files from one laptop system to a different, through websites,
or e-mails that contain files that have already been
contaminated with virus . Also, software system put in on the
pc area unit corrupted by the viruses as a results of injecting
the real software system with malicious code and because it is
dead, the virus is transmitted to other programs on the pc .
There are a unit several different ways for sending a virulent
disease to different computers such as by causationAssociate
© 2020, IJSREM | www.ijsrem.com
ISSN: 2582-3930
in Nursing infected file as Associate in Nursing email
attachment or by embedding copies of infected files into a
removable medium such as a CD, videodisk or USB drive.
Viruses will increase their probabilities of spreading to
different computers by infecting files on a network
classification system or a classification system that's accessed
by another laptop. one in all the crucial variations between
virus and worm is that the capability of worm to mechanically
spread itself to different computers within the network by
exploiting computer's security vulnerabilities. There area unit
numerous classifications of a virulent disease, they embody
Associate in Nursing encrypted, polymorphic and
metamorphicvirus.
Adware- may be a malware whose solely purpose is to point
out advertisements to the user. they're thought to be one
amongst the least threatening classes of malware. Their
intention is to display on the affected laptop commercials that
the user is likely to be drawn to, it records knowledge from the
pc such as browser and search engines histories nineteen.
Adware is sometimes classified as spyware subject to the
seriousness of the recording. Adware, or advertising-supported
code, is any code package that mechanically plays, displays,
or downloads advertisements to a laptop. These
advertisements will be within the style of a pop-up. the item of
the Adware is to come up with revenue for its author. Adware,
by itself, is harmless; but, some adware might associate with
integrated spyware like key loggers and different privacy
invasive code. Adware is sometimes seen by the developer as
a way to recover development prices, and in some cases, it
may allow the code to be offered to the user freed from charge
or at a reduced worth. Conversely, the advertisements is also
seen by the user as interruptions or annoyances, or as
distractions from the task athand.
Spyware- may be a quite self-installing malware that execute
without the user’s approval. it's accustomed gather and track
information regarding the person and therefore the browsing
history of a computer system. it's usually prepackaged in
conjunction with software that's created obtainable to users at
no value. Spyware is additionally known as rootkit as a result
of the packaging with freeware. Spyware may be a code that
allows a 3rd party to spy on a host. Spyware has been used for
a range of functions including larceny fraud and theft of
private knowledge, spying on online activities of people (e.g.
spouses) and look users' on-line activities. it's a sort of
malware put. The presence of spyware is often hidden from the
user and may be troublesome to find [2,1]. Spyware typically
modifies the pc settings, leading in terribly sluggish
connection speeds and/or loss of web association. Moreover, a
number of the system practicality begin malfunctioning so
creating the pc to be terribly slow and several strange code
square measure mechanically putin.
Worm- may be a malware that doesn't attach itself to different
software because it doesn't want a number code to lock itself
to. This is what differentiates worm from the virus. A worm
normally affects its victim through the realm of exposures that
it can exploit. It employs numerous means that to propagate,
and corrupt different laptop systems fourteen. Worms have the
Page 2
 International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 04 Issue: 07 | July -2020 ISSN: 2582-3930

capability to wreck an equivalent extent of disturbance a II. RELATEDWORKS

pestilence can cause to associate infected ADPS. Worms don't With the unexampled increase within the range of malware
seem to be parasitic in behavior just like the viruses. they're been free on the net, several researchers have taken it upon
freelance programs that can cause hurt on their own. These themselves to judge the performance of classification
worms might or might not have a payload however each sorts algorithms that are used for detective work and classifying
will be pretty harmful. Worms while not payloads don't have malware by employing a combination of performance metrics.
an effect on the system that it infects 16. Whereas the worms We, therefore, realize it necessary to work out that algorithmic
with payload can do hurt to the infected system also.In some program performs best for any chosen metric to help withinthe
cases, the payload acts as a backdoor rather than creating correct classification of malware. many studies are carried out
changes to the system. A worm may have a awfully harmful to compare the performances of some classification algorithms
impact on systems within the network, like may consume an for malware detection. Classification algorithms whose
excessive amount of system memory or system processor performances are up to now compared embrace Naïve Bayes
(CPU) and cause several applications to prevent responding. a .different algorithms compared embrace call Trees, Support
number of the foremost noted worms embrace the worm that Vector Machine, Random Forests,J48 , C4.5, ANN ,
has created businesses to lose upwards of five.5 billion Multilayer perceptron, CART, Neural Network , IBK ,
greenbacks indamage23. theorem Network. Table one depicts the outline of the
algorithms utilized in previousstudies.
Bot- conjointly called an internet mechanism or botnet square
measure application software that runs machine-controlled III. LITERATUREREVIEWS
tasks over the web. They belong to a class of malware that
permits its principal to gain access to the infected ADPS. Bots Sl. Title Author Finding Remark
can propagate through backdoors created obtainable by a no.
pestilence or worm on the victim laptop. Bots square measure 1. Machine Omal To calculate the In this paper, I
legendary for using an application layer protocol that allows learning Sahar, efficiency and suggested a very
communication in the form of text with its principal. techniqu Muham achievement of efficient and
es for mad proposed GA suitable technique
Distributed Denial of Service (DDoS) attacks that have the
the Ahsan based approach, to calculate the
capability to impede the services of the target laptop by over- evaluati Latif& I compare efficiency of the
flooding its information measure or resources with requests on of Muham outcomes of the SRGMs using GA
will be launched victimization many bots. efficienc mad genetic based approach. I
y of the Imran algorithm with proposed the
Ransom ware- may be a subcategory of malware that encrypts software 2017 other genetic algorithm
the files on the victim’s laptop or entirely fast you out. It turns reliabilit optimization based approach to
your files to unintelligible data and makes them useless and y techniques SA apply to the
payment is necessitated before the coding and returning of the growth and MOGA. evaluation of the
models parameters of the
ransomed files to the owner. they typically infect their victims
SRGMs. Three
through Trojan . operators were used
in GA based
Rootkits- square measure a group of code tools utilized by approach i.e.,
hackers to induce and sustain continuous administrator-level Selection, crossover
access to a computer system therefore on camouflage the and mutation
dynamic of files, or activities of the hacker to stay the user 2. Predicti J.n.alves The accuracy of To my knowledge,
within the dark. Rootkits are usually connected with Trojans, ng long- .castela. all models in this is the first study
worms, and viruses that obscure their presence and actions term cardoso. predicting 5- to describe the use
from users and different system processes . mortalit 2017 year mortality of ML methods to
y with after CABG was predict long-term
first assessed by mortality in patients
Backdoor- may be a category of malware that gives a week testing against who underwent
supplementary stealthy “entrance” to the system for attackers. post- the validation CABG. Here, I
The backdoor itself doesn't directly hurt the system however it operativ dataset, with demonstrate the
opens the door for attackers to play disturbance. thanks to this e data results reported superiority of
characteristic, backdoors square measure in no means used after as AUROC models developed
one by one. Ordinarily, a backdoor is antecedent malware Coronar (95%CI). Cox with ML algorithms
attack or different sorts of attacks24. y Artery Regression, the over traditional
Bypass most commonly Logistic Regression
Key logger- conjointly called keystroke work may be a kind of Grafting used survival for long-term
using analysis tool in mortality prediction
surveillance malware that after the pc is plagued with it has Machine Medicine, was after CABG
the flexibility to record each keystroke build thereon system. Learnin used as a operations. These
The recording is saved in a very log file that is often encrypted g baseline for findings are in line
and sent to a selected receiver. Such data will include models comparison and with the predictive
passwords, Band Verification range, ATM card numbers and proved the least capacity of ML
different counsel twentyfive. accurate of all models in other
models with a fields of Medicine
© 2020, IJSREM | www.ijsrem.com Page 3
 International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 04 Issue: 07 | July -2020 ISSN: 2582-3930

time-dependent
AUROC of from its superior
0.644 at 5 years work complexity
follow-up. guarantees. A
3. A Adrian All performance In this paper concise, yet broadly
compari Ion- measures can be performed four applicable
son of Margine found in Table binary classification convergence and
Machine anu, 4. Maximum tasks for complexity theory
Learnin Gabriel AUC values for discriminating for SG is presented
g Kocevar each between MS here, providing
approac , classification courses. Ireport insight into how
hes for Claudio task are AUC, sensitivity, these guarantees
classifyi Stamile highlighted in and specificity have translatedinto
ng et al. gray. For CIS values, after training practical gains.
Multiple 2017 vs. RR i obtain simple and complex 5. High- Joao F. The explanation In this work, I
Sclerosi a maximum classifiers on four Speed Henriqu is that, after demonstrated that it
s AUC of 77% different types of Trackin es, computing a is possible to
courses when features. I show that g with RuiCase cross- analytically model
using combining combining Kerneliz iro, correlation natural image
MRSI metabolite metabolic ratios edCorrel Pedro between two translations,
and ratios with GM, with brain tissue at ion Martins, images in the showing that under
brain WM, and segmentation Filters and Fourier domain some conditions the
segment lesions percentages can Jorge and converting resulting data and
ations percentage. improve Batista back to the kernel matrices
classification results 2014 spatial domain, become circulate.
between CIS and it is the top-left Their
RR or PP patients. element of the diagonalization by
This best results are result that the DFT provides a
always obtained corresponds to a general blueprint for
with SVM-rbf, so I shift of zero creating fast
can safely conclude [21]. Of course, algorithms that deal
that building since i always withtranslations.
complex deal with cyclic
architectures of signals, the peak
convolution neural of the Gaussian
networks do not add function must
any improvement wrap around
over classical from the top-left
machine learning corner to the
methods. other corners,
4. Optimiz L´eon This analysis of Mathematical
ation Bottou SG in 4 can be optimization is one IV. ANALYSIS
Methods Frank E. characterized as of the foundations
for Curtis relying of machine learning,
Three stages were concerned within the performance analysis
Large- Jorge primarily on touching almost of the various Machine Learning classifiers thought of during
Scale Nocedal smoothness in every aspect of the this study. The phases area unit Dataset Preparation, Pre-
Machine 2017 the sense of discipline. In Processing and Application of various Machine Learning
Learnin Assumption 4.1. particular, algorithms on the ClaMP (Classification of Malware with
g This has numerical letter headers) dataset files 34. The dataset includes a total of
advantages and optimization 5184 instances, which contain 2683 Malware, and 2501
disadvantages. algorithms, the main Benign. The dataset has fifty five features. The ClaMP dataset
On the positive subject of this
thirty six is reborn into. format(a format compatible for the
side, it allows us paper, have played
to prove an integral role in
file) supported by the Maori hen Machine Learning simulation
convergence the transformational setting for input file that was used for the analysis. to try to a
results that progress that satisfactory classification of the ClaMP dataset, J45, LMT,
apply equally machine learning Naïve mathematician, Random Forest, MLP Classifier,
for the has experienced Random Tree, REP Tree, Bagging, Ada Boost, K-Star, Simple
minimization of over the past two Logistic, IBK, LWL, SVM, and RBF Network were used and
convex and non- decades. In this a [10] folds cross-validation was used in this study. the
convex study, I highlight rationale for choosing [10] folds was as a result of outputs
functions, the the dominant role
generated from intensive tests on totally different datasets with
latter of which played by the
has been rising stochastic gradient erratic learning range of folds required to get the best estimate
in importance in method (SG) of of error [3,5]. To carry out cross-validation, a specific range of
machine Robbins and Monro folds is selected, the info is at random divided into [10]
learning; recall [130], whose segments in whichthe
2.2. success derives

© 2020, IJSREM | www.ijsrem.com Page 4

 International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 04 Issue: 07 | July -2020
category is denoted in virtually constant size once compared
to the entire dataset. every section is control out sequentially
and therefore the learning methodology trained on the nine-
tenths that remain; later on, its error rate is processed on the
holdout set. Consequently, the training method is dead ten
times on totally different coaching sets. onceand for all, the
mean of the [10] error analysis area unit hand-picked because
the general permits the extraction of sure proportion of the info
for assessment. A proportion split of sixty six split was used
for thisstudy
VI. EXPERIMENTAL RESULTS AND DISCUSSION ----------(3)
Experiments were conducted exploitation the whole dataset
with [10] folds cross-validation and sixty six split. The
performance of every Machine Learning classifiers was
evaluated in terms of Accuracy, Precision, Recall, letter of the
alphabet Statistics, F-Measure, MCC, Receiver Operator
Characteristics space, and Root Mean squareError.
A. Accuracy- The Accuracy is performance metrics that area
unit accustomed specific the proportion of correct predictions.
It doesn't take into thought actuality positives and negatives
individually. this can be the essential reason why accuracy
alone can't be accustomed confirm the performance of a model.
different performance metrics except the accuracy area unit
needed to be used. the worth of one indicates the most
effective accuracy. From the experimental results of assorted
classifiers during this study, the most effective Accuracy is
zero.992 generated once the 10-fold cross validation was used
on Random Forest classifier whereas the worst was zero.652
created once sixty six split was used on the Naïve Thomas
Bayes classifier. Figure one and Table three shows the
Accuracy of everyclassifier.
B. exactness and Recall- exactness, that is additionally
referred to as positive prognostic worth, returns the speed of
relevant results instead of inapplicable results. it's a little
proportion of vital recollected instances, whereas recall is that
the fraction of relevant instances that area unit recollected.
The recall is that the sensitivity for the foremost relevantresult.
exactness associate degreed recall rely on an understanding
and live ofconnation.
𝑃𝑟𝑒𝑐𝑖𝑠𝑖𝑜𝑛 = 𝑇𝑃 𝑇𝑃+𝐹𝑃 ------ (1),
𝑅𝑒𝑐𝑎𝑙𝑙 = 𝑇𝑃𝑅 = 𝑇𝑃 𝑇𝑃+𝐹𝑁-------(2)
The exactness and results of the various classifiers are
pictured in Table three and figures a pair of and three. the very
best exactness and recall values of zero.993 and 0.992
severally were created once ten -fold cross-validation was
done on RandomForest.
C. Kappa Statistics- Kappa data point may be a performance
metric that compares associate degree ascertained accuracy
with associate degree expected accuracy (random chance). It
reflects the degree of agreement between verity categories and
therefore the classifications. The letter of the alphabet
statistics worth of one is that the highestindicating complete
© 2020, IJSREM | www.ijsrem.com
ISSN: 2582-3930
agreement. during this study, the very best letter of the
alphabet characteristics is zero.985 that was created once the
check was conducted on Random Forest with ten folds cross-
validation.
D. F-Measure- F-Measure is that the worth that estimates the
whole performance of the system by uniting exactness and
recall into one variety. the very best worth of one specifies the
most effectiveresult.
𝐹 − 𝑚𝑒𝑎𝑠𝑢𝑟𝑒 = 2 𝑥 𝑅𝑒𝑐𝑎𝑙𝑙 𝑥 𝑃𝑟𝑒𝑐𝑖𝑠𝑖𝑜𝑛 𝑅𝑒𝑐𝑎𝑙𝑙 + 𝑃𝑟𝑒𝑐𝑖𝑠𝑖𝑜𝑛
ROC space- The mythical monster (AUC) Area of a classifier
is that the likelihood of the classifier ranking a every which
way chosen positive instance above a every which way chosen
negative instance., ROC of 0.8 depicts smart prediction, ROC
of 0.7 could be a mediocre prediction, whereas mythical
monster of zero.6 symbolises a poor prediction. Figure half-
dozen depicts the areas below mythical monster curves of
classifiers utilized in this study with Random Forest achieving
the most effective performance with zero.999 whereas RBF
Network has the poorest performance with zero.779.
E. Matthew coefficient of correlation (MCC)- actuality and
false positives cannotbe adequately represented mistreatment
one indicator, the Matthews coefficient of correlation (MCC)
have well-tried to be the most effective general live thirty
four. MCC could be a performance metric that measures the
properties of the two-class drawback. It takes into thought
actuality and false positives and negatives. it's a balanced
metric, even once the categories arfrom dissimilar sizes. The
formula below will be wont to figure the worth forMCC:
𝑀𝐶𝐶 = 𝑇𝑃𝑥𝑇𝑁 − (𝐹𝑁𝑥𝐹𝑁 ) (𝑇𝑃+𝐹𝑃)(𝑇𝑃+𝐹𝑁)
(𝑇𝑁+𝐹𝑃)(𝑇𝑁+𝐹𝑁) ------------(4)
when the output is +1 it represents the most effective
prediction, whereas −1 signifies a whole disagreement. Table
three and figure seven shows the MCC for every classifier
under consideration. Random Forest classifier made the most
effective MCC price of zero.985 whereas Naïve
mathematician generated the worst results of zero.
VI. CONCLUSION
This paper presents a comparative study of malware detection
using fifteen completely different Machine Learning
algorithms. Some of the progressive models like J45, LMT,
Naïve Bayes, Random Forest, MLP Classifier, Random Tree,
REP Tree, Bagging, Ada Boost, K-Star, easy supplying, IBK,
LWL, SVM, and RBF Network were employed in the study
and their statistical results given. From the experimental
results obtained from running the assorted classification
exploitation 10-fold cross-validation and sixty six split check,
it's been incontestable that some unpopular algorithms
perform comparatively well on the ClaMP dataset thirty six on
Maori hen. It becomes apparent from our study that Random
Forest is that the best classifier among the fifteen (15)
classifiers thought of. Experimental results indicated that even
Page 5
 International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 04 Issue: 07 | July -2020 ISSN: 2582-3930

with less feature choice used, the Random Forest classifier
with zero.992 performs relatively better in malware
classification, far better than the favored classification
algorithms like SVM with zero.956 accuracy, Ada Boost with
accuracy of zero.922, sacking with zero.978, J48 with 0.978,
Naïve Bayes with zero.652, and Multilayer Perceptron
classifier with zero.973. we tend to suggest that additional
publicly obtainable malware datasets be accustomed value the
performance of different Machine Learning algorithms
exploitation different data processing and Machine Learning
tools like Rapid jack.
Proceedings Of The 1st ACM Workshop On Security And
Privacy In Smartphones And Mobile Devices, Chicago,
Illinois, USA, Pp 3–14
xi. Friedman N, Geiger D, Goldszmidt M (1997) Bayesian
Network Classifiers. Mach Learn 29(2–3):131–163
xii. F-Secure (2013) Android Accounted For 79% Of All
Mobile Malware In 2012, 96% In Q4 Alone.
Http://Techcrunch.Com/2013/03/07/F-Se Cure-Android-
Accounted-For-79-Of-All-Mobile-Malware-In-2012- 96-
In-Q4-Alone/. Accessed 1st June 2013

VII. REFERENCES xiii. García-Teodoro P, Díaz-Verdejo J, Maciá-Fernández G,

Vázquez E (2009) Anomaly-Based Network Intrusion
i. Amos B, Turner H, White J (2013) Applying Machine Detection: Techniques, Systems And Challenges.
Learning Classifiers To Dynamic Android Malware ComputSecur 28(1–2):18–28
Detection At Scale. In: Proceedings Of The 9th
International Wireless Communications And Mobile xiv. Gogoi P, Bhattacharyya DK, Borah B, Kalita JK (2013)
Computing Conference (IWCMC), Sardinia, Italy, Pp MLH-IDS: A Multi-Level Hybrid Intrusion Detection
1666–1671 Method. Comput J 2013 Doi:10.1093/Comjnl/Bxt044.
Online.Http://Comjnl.Oxfordjournals.
ii. Android (2013) Android 4.2, Jelly Bean. Org/Content/Early/2013/05/12/Comjnl.Bxt044.Abstract.
Http://Www.Android.Com/ About/Jelly-Bean/. Accessed Accessed 12 May 2013
June 2013
xv. Gribskov M, Robinson NL (1996) Use Of Receiver
iii. Anuar NB, Sallehudin H, Gani A, Zakaria O (2008) Operating Characteristic (ROC) Analysis To Evaluate
Identifying False Alarm For Network Intrusion Detection Sequence Matching. ComputChem 20(1):25–33
System Using Hybrid Data Mining And Decision Tree.
Malays J Computer Sci21(2):101–115\

iv. Anubis (2013) Anubis: Analyzing Unknown Binaries.

Http://Anubis. Iseclab.Org/. Accessed Feb 2013

v. Arp D, Spreitzenbarth M, Hubner M, Gascon H, Rieck K

(2014) DREBIN: Effective And Explainable Detection
Of Android Malware In Your Pocket. In: Proceedings Of
The 2014 Network And Distributed System Security
(NDSS) Symposium, San Diego, USA (2014)

vi. Arstechnica (2013) More Bad News For Android: New

Malicious Apps Found In Google Play.
Http://Arstechnica.Com/Security/2013/ 04/More-Bad
News-For-Android-New-Malicious-Apps-Found-In-Go
Ogle-Play/. Accessed 1st Jan 2013

vii. Bradley AP (1997) The Use Of The Area Under The

ROC Curve In The Evaluation Of Machine Learning
Algorithms. Pattern Recognit 30(7):1145–1159

viii. Breiman L (2001) Random Forests. Mach Learn

45(1):5–32

ix. Burguera I, Zurutuza U, Nadjm-Tehrani S (2011) Crow

Droid: Behavior Based Malware Detection System For
Android. In: Proceedings Of The 1st ACM Workshop On
Security And Privacy In Smartphones And Mobile
Devices, Chicago, Pp 15–26

x. Felt AP, Finifter M, Chin E, Hanna S, Wagner D (2011)

A Survey Of Mobile Malware In The Wild. In:
© 2020, IJSREM | www.ijsrem.com Page 6