Open Access

Improving mobile security: A study on android malware detection using LOF

18 Sept. 2024


Fig. 1

Schematic of the malware detection process using the LOF method.

Fig. 2

Illustration of malware detection using LOF.

Fig. 3

Comparison of accuracy.

Fig. 4

Precision and recall comparison.

Fig. 5

FPR comparison.

Android malware detection performance metrics

| Method | Accuracy | Precision | Recall | FPR |
|---|---|---|---|---|
| LOF | 0.9202 | 0.8495 | 0.367 | 0.2367 |
| Isolation Forest | 0.8801 | 0.8123 | 0.398 | 0.2856 |
| Decision Tree | 0.8653 | 0.7975 | 0.382 | 0.2941 |
| KNN | 0.9012 | 0.8256 | 0.405 | 0.2712 |

Comparison of Android malware detection methods (Hypothetical results)

| Metric | LOF | Isolation Forest | Decision Tree | KNN |
|---|---|---|---|---|
| Accuracy | 0.9202 | 0.8801 | 0.8653 | 0.9012 |
| F1 Score | 0.8495 | 0.8123 | 0.7975 | 0.8256 |
| FPR | 0.3670 | 0.4200 | 0.4350 | 0.3980 |
| Precision | 0.8632 | 0.7956 | 0.7834 | 0.8157 |
| Recall | 0.8371 | 0.8324 | 0.8102 | 0.8452 |
| AUC | 0.9315 | 0.8997 | 0.8836 | 0.9154 |
| MCC | 0.7261 | 0.6782 | 0.6579 | 0.7064 |
| TNR | 0.6320 | 0.5770 | 0.5910 | 0.6120 |

Algorithm Description: Malware Detection using Local Outlier Factor

Input:
  D: The dataset of feature vectors from Android applications.
  k: Number of nearest neighbors for LOF calculation.
  t: Outlier threshold for labeling applications.
Output:
  List of Android applications labeled as benign or malware.

procedure TrainLOF(D, k)
  Compute the k-distance for each application in D.
  Compute the reachability distance for each application in D.
  Compute the local reachability density for each application.
  Compute the LOF score for each application.
  return Model with LOF scores.
end procedure

procedure DetectMalware(Model, t)
  for each application x in D do
    Compute the LOF score for x using the trained Model.
    if LOF score of x > t then
      Label x as malware.
    else
      Label x as benign.
    end if
  end for
  return List of labeled applications.
end procedure
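
The pseudocode above carried through in plain Python, as an added example that is not code from the paper. The two features per app (requested permissions, sensitive API calls), the sample values, k = 3 and t = 1.5 are all constructed assumptions.

```python
import math

def lof_scores(D, k):
    """Return the LOF score of every feature vector in D (the TrainLOF steps)."""
    n = len(D)
    if not 1 <= k < n:
        raise ValueError("k must satisfy 1 <= k < len(D)")
    dist = [[math.dist(a, b) for b in D] for a in D]
    kdist, knn = [], []
    for i in range(n):
        order = sorted((j for j in range(n) if j != i), key=lambda j: dist[i][j])
        kd = dist[i][order[k - 1]]  # k-distance of application i
        kdist.append(kd)
        # every point within the k-distance is a neighbour, so ties are kept
        knn.append([j for j in order if dist[i][j] <= kd])
    lrd = []
    for i in range(n):
        # reach-dist(i, j) = max(k-distance(j), d(i, j))
        reach = [max(kdist[j], dist[i][j]) for j in knn[i]]
        # local reachability density = 1 / mean reach-dist;
        # the epsilon guards against duplicate vectors (distance 0)
        lrd.append(len(reach) / (sum(reach) + 1e-10))
    # LOF(i) = mean lrd of i's neighbours divided by lrd(i)
    return [sum(lrd[j] for j in knn[i]) / (len(knn[i]) * lrd[i]) for i in range(n)]

def detect_malware(D, k, t):
    """DetectMalware: LOF score > t -> 'malware', otherwise 'benign'."""
    return ["malware" if s > t else "benign" for s in lof_scores(D, k)]

# Constructed sample: (requested permissions, sensitive API calls) per app.
# The last vector sits far away from the dense cluster formed by the others.
APPS = [(5, 2), (6, 3), (7, 2), (6, 4), (8, 3), (5, 3), (7, 4), (30, 25)]

if __name__ == "__main__":
    scores = lof_scores(APPS, 3)
    labels = detect_malware(APPS, 3, 1.5)
    for app, score, label in zip(APPS, scores, labels):
        print(app, round(score, 3), label)
```

A score near 1 means an app is about as densely surrounded as its neighbours; the score only measures how unusual the feature vector is, so k and t have to be tuned against labeled samples before the "malware" label means anything.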
Language:
English