<p>As the dominant mobile operating system, Android’s open-source framework and extensive customization capabilities have made it vulnerable to evolving malware threats, which are difficult to detect using traditional static and dynamic analysis techniques due to advanced evasion techniques like code obfuscation and polymorphic behavior. While Machine Learning (ML) and Deep Learning (DL) have enhanced detection accuracy, they are not immune to challenges arising from high-dimensional feature spaces, data imbalance, and computational complexity. To tackle these obstacles, we proposed a comprehensive Android adware detection framework that leverages a Sparse Autoencoder (SAE) for feature learning and a CatBoost classifier optimized by Bayesian hyperparameter tuning. The SAE minimizes feature redundancy while retaining important behavioral features, and CatBoost handles categorical features and class imbalance efficiently. Experimental results on the CIC-AAGM dataset achieved 96.23% accuracy in binary classification and 95.55% in multiclass classification, outperforming established models like XGBM and LGBM. Further evaluation on the CICAndMal2017 dataset confirmed the generalization capability of the proposed hybrid model, achieving 99.24% accuracy and an F1-score of 99.14%, outperforming deep learning architectures such as Convolutional Neural Network (CNN) and CNN combined with Long Short-Term Memory (LSTM). Comparative analysis with a Variational Autoencoder-based model and an ablation study demonstrated the superior efficiency and discriminative power of the SAE-based approach. Overall, the proposed framework provides an accurate, efficient, and generalizable solution for Android adware detection, contributing to more resilient and adaptive mobile cybersecurity systems.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Enhanced android adware detection using optimized catboost and sparse autoencoder

  • Vahid Kardgar,
  • Seyed Yaser Bozorgi Rad,
  • Behnam Barzegar,
  • Meisam Yadollahzadeh-Tabari,
  • Homayun Motameni

摘要

As the dominant mobile operating system, Android’s open-source framework and extensive customization capabilities have made it vulnerable to evolving malware threats, which are difficult to detect using traditional static and dynamic analysis techniques due to advanced evasion techniques like code obfuscation and polymorphic behavior. While Machine Learning (ML) and Deep Learning (DL) have enhanced detection accuracy, they are not immune to challenges arising from high-dimensional feature spaces, data imbalance, and computational complexity. To tackle these obstacles, we proposed a comprehensive Android adware detection framework that leverages a Sparse Autoencoder (SAE) for feature learning and a CatBoost classifier optimized by Bayesian hyperparameter tuning. The SAE minimizes feature redundancy while retaining important behavioral features, and CatBoost handles categorical features and class imbalance efficiently. Experimental results on the CIC-AAGM dataset achieved 96.23% accuracy in binary classification and 95.55% in multiclass classification, outperforming established models like XGBM and LGBM. Further evaluation on the CICAndMal2017 dataset confirmed the generalization capability of the proposed hybrid model, achieving 99.24% accuracy and an F1-score of 99.14%, outperforming deep learning architectures such as Convolutional Neural Network (CNN) and CNN combined with Long Short-Term Memory (LSTM). Comparative analysis with a Variational Autoencoder-based model and an ablation study demonstrated the superior efficiency and discriminative power of the SAE-based approach. Overall, the proposed framework provides an accurate, efficient, and generalizable solution for Android adware detection, contributing to more resilient and adaptive mobile cybersecurity systems.