Andriod Dynamic Malware Analysis
摘要
In an era of increasing reliance on complex desktop applications, maintaining system stability and performance has become a critical priority. Real-time anomaly detection serves as an essential tool for identifying abnormal behaviours in system processes that could indicate bugs, malware activity, or resource misuse. This research work presents a lightweight and effective real-time anomaly detection system for Android-based environments, leveraging unsupervised machine learning models to learn from normal system behaviour and detect deviations without requiring labelled anomaly data. The proposed framework captures key process-level features—including CPU usage, memory consumption, input and output operations and output statistics—from all running applications and uses them to train models such as Isolation Forest, One-Class Support Vector Machine, Local Outlier Factor, and Elliptic Envelope. These models are evaluated in real-time over a 60-s monitoring period using precision, recall, F1-score, and confusion matrix metrics. Among all models evaluated, Isolation Forest demonstrated the highest overall accuracy and robustness, achieving a detection accuracy of over 99% while maintaining low false-positive rates. Its ensemble-based approach and inherent capability to isolate anomalies in high-dimensional data made it especially suitable for dynamic process monitoring on Android systems. The results affirm the feasibility of deploying unsupervised learning models for anomaly detection in practical, resource-constrained settings. The framework requires minimal setup, introduces negligible overhead, and can be integrated with system monitoring tools or endpoint protection solutions. Future enhancements include adaptive threshold tuning, integration with alerting mechanisms, and support for contextual anomaly classification.