A Study Of Machine Learning Classifiers for Anomaly-Based Mobile Botnet Detection

Authors

  • Ali Feizollah, Security Research Group (SECReg), University of Malaya, 50603, Kuala Lumpur, Malaysia
  • Nor Badrul Anuar, Faculty of Computer Science and Information Technology, University of Malaya
  • Rosli Salleh, Faculty of Computer Science & Information Technology, University of Malaya
  • Fairuz Amalina, Mobile Cloud Computing (MCC), University of Malaya
  • Ra’uf Ridzuan Ma’arof, F-Secure Corporation, Malaysia
  • Shahaboddin Shamshirband, Department of Computer Science, Islamic Azad University

Keywords:

machine learning classifiers, mobile botnet, anomaly-based detection, intrusion detection systems

Abstract

In recent years, mobile devices have become ubiquitous. They are employed for purposes beyond merely making phone calls. Among the mobile operating systems, Android is the most popular due to its availability as an open source operating system. Given the proliferation of Android malware, it is crucial to identify the classifiers that can detect it effectively and accurately, by selecting the most suitable network traffic features and by comparing comprehensively with related work. This study evaluates five machine learning classifiers, namely Naïve Bayes, k-nearest neighbour, decision tree, multi-layer perceptron, and support vector machine. The evaluation was validated using malware data samples from the Android Malware Genome Project. The data sample is a collection of malware gathered between August 2010 and October 2011 by the University of North Carolina. Among various network traffic characteristics, three network features were selected: connection duration, TCP size and number of GET/POST parameters. The experiment shows that k-nearest neighbour provides the best performance among the classifiers. The experimental results also indicate a true positive rate as high as 99.94% and a false positive rate of 0.06% for the k-nearest neighbour classifier.
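The following is an added illustration, not the authors' code or data: a k-nearest neighbour classifier over the three features named in the abstract, scored by true positive rate and false positive rate. The flow records are constructed, and the value k=3 and the min-max scaling step are assumptions, since the abstract does not state either.

```python
import math

# Constructed flows (not from the paper's dataset):
# (connection duration s, TCP size bytes, GET/POST parameter count, label); 1 = botnet
TRAIN = [
    (12.0, 48000, 1, 0), (30.5, 120000, 2, 0), (8.2, 35000, 0, 0),
    (45.0, 250000, 3, 0), (20.1, 90000, 1, 0),
    (0.8, 900, 7, 1), (1.2, 1400, 9, 1), (0.5, 600, 6, 1),
    (2.0, 2100, 8, 1), (1.5, 1100, 10, 1),
]
TEST = [
    (15.0, 60000, 2, 0), (25.0, 100000, 1, 0), (6.0, 20000, 4, 0),
    (1.0, 1000, 8, 1), (0.7, 800, 7, 1), (3.0, 3000, 6, 1),
]

def fit_bounds(rows):
    """Per-feature (min, max), learned from the training rows only."""
    return [(min(c), max(c)) for c in zip(*(r[:3] for r in rows))]

def scale(features, bounds):
    """Min-max scale so byte counts do not dominate the distance (assumed step)."""
    return [(v - lo) / (hi - lo) if hi > lo else 0.0
            for v, (lo, hi) in zip(features, bounds)]

def knn_predict(features, train, bounds, k=3):
    """Majority vote among the k nearest training flows (k=3 is an assumption)."""
    q = scale(features, bounds)
    nearest = sorted(train, key=lambda r: math.dist(q, scale(r[:3], bounds)))[:k]
    return 1 if 2 * sum(r[3] for r in nearest) > k else 0

def evaluate(train, test, k=3):
    """Return the true positive rate and false positive rate on the test flows."""
    bounds = fit_bounds(train)
    tp = fp = tn = fn = 0
    for *features, label in test:
        pred = knn_predict(features, train, bounds, k)
        if label and pred:
            tp += 1
        elif label:
            fn += 1
        elif pred:
            fp += 1
        else:
            tn += 1
    return {"tpr": tp / (tp + fn), "fpr": fp / (fp + tn)}

if __name__ == "__main__":
    print(evaluate(TRAIN, TEST))
```

On this constructed set the short, small benign flow with four request parameters lands nearer the botnet cluster and is counted as the one false positive.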

Published

2013-12-01

How to Cite

Feizollah, A., Anuar, N. B., Salleh, R., Amalina, F., Ma’arof, R. R., & Shamshirband, S. (2013). A Study Of Machine Learning Classifiers for Anomaly-Based Mobile Botnet Detection. Malaysian Journal of Computer Science, 26(4), 251–265. Retrieved from https://adab.um.edu.my/index.php/MJCS/article/view/6785
