Avaliação de Métodos de Classificação baseados em Regras de Associação para Detecção de Malwares Android

  • Vanderson da Silva Rocha UFAM
  • Diego Kreutz UNIPAMPA
  • Jonas Pontes UFAM
  • Eduardo Feitosa UFAM

Resumo


O nosso principal objetivo e apresentar uma análise exploratória do desempenho e da viabilidade de três modelos de regras de associação existentes na literatura (CBA, CMAR, CPAR) no contexto de classificação de malwares Android. Além disso, desenvolvemos também um novo modelo de classificação baseado em regras de associação e qualidade de regras, denominado EQAR, que estende o algoritmo clássico ECLAT. Para fins de comparação dos quatro modelos, utilizamos três datasets frequentemente utilizados para o treino de modelos de detecção de malwares Android: DREBIN-215, KronoDroid Emulador e KronoDroid Dispositivo Real. Os resultados indicam que os métodos de classificação baseados em regras de associação apresentam bons resultados, entretanto, os metodos avaliados dificilmente conseguem atingir a estabilidade de métricas e os resultados numéricos alcançados por modelos de aprendizado de máquina, como RandomForest e SVM, no domínio de detecção de malwares Android.
Palavras-chave: Detecção, Associação

Referências

Abdellatif, S., Ben Hassine, M. A., Ben Yahia, S., and Bouzeghoub, A. (2018). ARCID: a new approach to deal with imbalanced datasets classification. In SOFSEM.

Agrawal, R., Imielinski, T., and Swami, A. (1993). Mining Association Rules between Sets of Items in Large Databases. In ACM SIGMOD, page 207–216. ACM.

Agrawal, R. and Srikant, R. (1994). Fast algorithms for mining association rules. In Proc. 20th Int. Conf. Cery large Data Bases, VLDB, volume 1215, pages 487–499. Citeseer.

Akbani, R., Kwek, S., and Japkowicz, N. (2004). Applying support vector machines to imbalanced datasets. In European conference on machine learning, pages 39–50.

Ali, Y., Farooq, A., Alam, T. M., Farooq, M. S., Awan, M. J., and Baig, T. I. (2019). Detection of schistosomiasis factors using association rule mining. IEEE Access, 7:18618.

Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., and Siemens, C. (2014). Drebin: Effective and explainable detection of android malware in your pocket. In NDSS, volume 14, pages 23–26.

Chicco, D. and Jurman, G. (2020). The advantages of the Matthews correlation coefficient (MCC) over F1 score and accuracy in binary classification evaluation. BMC genomics, 21(1):1–13.

Clark, P. and Boswell, R. (1991). Rule induction with CN2: Some recent improvements. In European Working Session on Learning, pages 151–163. Springer.

Guerra-Manzanares, A., Bahsi, H., and Nomm, S. (2021). Kronodroid: Time-based hybrid-featured dataset for effective android malware detection and characterization. Computers & Security, 110:102399.

Han, J., Pei, J., and Yin, Y. (2000). Mining frequent patterns without candidate generation. ACM sigmod record, 29(2):1–12.

Islam, F. Z., Jamil, A., and Momen, S. (2021). Evaluation of machine learning methods for android malware detection using static features. In IEEE IICAIET, pages 1–6.

Janssen, F. and Furnkranz, J. (2010). On the quest for optimal rule learning heuristics. Machine Learning, 78(3):343–379.

Jeeva, S. C. and Rajsingh, E. B. (2016). Intelligent phishing url detection using association rule mining. Human-centric Computing and Information Sciences, 6(1):1–19.

Kaur, M. and Kang, S. (2016). Market basket analysis: Identify the changing trends of market data using association rule mining. Procedia Computer Science, 85:78–85.

Lenca, P., Vaillant, B., Meyer, P., and Lallich, S. (2007). Association rule interestingness measures: Experimental and theoretical studies. In Quality Measures in Data Mining.

Li, H. and Sheu, P. C.-Y. (2021). A scalable association rule learning heuristic for large datasets. Journal of Big Data, 8(1):1–32.

Li, W., Han, J., and Pei, J. (2001). CMAR: Accurate and efficient classification based on multiple class-association rules. In IEEE ICDM, pages 369–376.

Liu, B., Hsu, W., Ma, Y., et al. (1998). Integrating classification and association rule mining. In Kdd, volume 98, pages 80–86.

Osisanwo, F., Akinsola, J., Awodele, O., Hinmikaiye, J., Olakanmi, O., and Akinjobi, J. (2017). Supervised machine learning algorithms: classification and comparison. IJCTT, 48(3):128.

Sadgali, I., Sael, N., and Benabbou, F. (2021). Human behavior scoring in credit card fraud detection. IAES International Journal of Artificial Intelligence, 10:698–706.

Sharma, T. and Rattan, D. (2021). Malicious application detection in android—a systematic literature review. Computer Science Review, 40:100373.

Sun, L., Li, Z., Yan, Q., Srisa-an, W., and Pan, Y. (2016). SigPID: significant permission identification for android malware detection. In 11th MALWARE, pages 1–8. IEEE.

Thabtah, F. (2007). A review of associative classification mining. The Knowledge Engineering Review, 22(1):37–65.

Thabtah, F., Cowling, P., and Peng, Y. (2005). MCAR: multi-class classification based on association rule. In 3rd ACS/IEEE AICCSA, pages 33–.

Wang, W., Zhao, M., Gao, Z., Xu, G., Xian, H., Li, Y., and Zhang, X. (2019). Constructing Features for Detecting Android Malicious Applications: Issues, Taxonomy and Directions. IEEE Access, 7:67602–67631.

Wrobel, ?., Sikora, M., and Michalak, M. (2016). Rule quality measures settings in classification, regression and survival rule induction—an empirical approach. Fundamenta Inf., 149(4):419.

Yin, X. and Han, J. (2003). CPAR: Classification based on predictive association rules. In Proceedings of the SIAM international conference on data mining, pages 331–335.

Zaki, M. J. (2000). Scalable algorithms for association mining. IEEE transactions on knowledge and data engineering, 12(3):372–390.

Zhang, M. and He, C. (2010). Survey on association rules mining algorithms. In Advancing Computing, Communication, Control and Management, pages 111–118. Springer.
Publicado
12/09/2022
ROCHA, Vanderson da Silva; KREUTZ, Diego; PONTES, Jonas; FEITOSA, Eduardo. Avaliação de Métodos de Classificação baseados em Regras de Associação para Detecção de Malwares Android. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 22. , 2022, Santa Maria. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2022 . p. 316-329. DOI: https://doi.org/10.5753/sbseg.2022.21677.

##plugins.generic.recommendByAuthor.heading##

1 2 3 4 5 6 > >>