Evaluation of Classification Methods Based on Association Rules for Android Malware Detection

  • Vanderson da Silva Rocha UFAM
  • Diego Kreutz UNIPAMPA
  • Jonas Pontes UFAM
  • Eduardo Feitosa UFAM

Abstract


We present an exploratory analysis of the performance and feasibility of three classification models based on association rules (CBA, CMAR, CPAR) for Android malware detection. We also propose and implement a new classification model based on association rules and rule quality, named EQAR, which extends the classic ECLAT algorithm. To evaluate and compare our four models, we selected three datasets frequently used for training Android malware detection models: DREBIN-215, KronoDroid Emulator and KronoDroid Physical Device. Our findings show that classification methods based on association rules can achieve good results, but not as good as those achieved by machine learning models, such as RandomForest and SVM, for Android malware detection.
Keywords: Detection, Association

Published
2022-09-12
ROCHA, Vanderson da Silva; KREUTZ, Diego; PONTES, Jonas; FEITOSA, Eduardo. Avaliação de Métodos de Classificação baseados em Regras de Associação para Detecção de Malwares Android. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 22., 2022, Santa Maria. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2022. p. 316-329. DOI: https://doi.org/10.5753/sbseg.2022.21677.
