AdStop: Efficient flow-based mobile adware detection using machine learning

Mohammed M. Alani, Ali Ismail Awad

Research output: Contribution to journalArticlepeer-review

9 Citations (Scopus)

Abstract

In recent years, mobile devices have become commonly used not only for voice communications but also to play a major role in our daily activities. Accordingly, the number of mobile users and the number of mobile applications (apps) have increased exponentially. With a wide user base exceeding 2 billion users, Android is the most popular operating system worldwide, which makes it a frequent target for malicious actors. Adware is a form of malware that downloads and displays unwanted advertisements, which are often offensive and always unsolicited. This paper presents a machine learning-based system (AdStop) that detects Android adware by examining the features in the flow of network traffic. The design goals of AdStop are high accuracy, high speed, and good generalizability beyond the training dataset. A feature reduction stage was implemented to increase the accuracy of Adware detection and reduce the time overhead. The number of relevant features used in training was reduced from 79 to 13 to improve the efficiency and simplify the deployment of AdStop. In experiments, the tool had an accuracy of 98.02% with a false positive rate of 2% and a false negative rate of 1.9%. The time overhead was 5.54 s for training and 9.36 µs for a single instance in the testing phase. In tests, AdStop outperformed other methods described in the literature. It is an accurate and lightweight tool for detecting mobile adware.

Original languageEnglish
Article number102718
JournalComputers and Security
Volume117
DOIs
Publication statusPublished - Jun 2022

Keywords

  • Feature engineering
  • Machine learning
  • Malware detection
  • Mobile adware
  • Time efficiency
  • Traffic flow

ASJC Scopus subject areas

  • General Computer Science
  • Law

Fingerprint

Dive into the research topics of 'AdStop: Efficient flow-based mobile adware detection using machine learning'. Together they form a unique fingerprint.

Cite this