System Call-Based Malware Detection with Support Vector Machine Classification on Android
Abstract
Android is an operating system that is widely used on smartphones. The biggest threat on Android is the spread of malware that comes from Android application stores. Generally, malware detection uses signature-based methods, which can be easily evaded by malware that has polymorphic capabilities. Thus, a more dynamic detection method is required. The purpose of this research is to determine whether system calls can be used as features to detect Android malware and to test the accuracy of the Support Vector Machine (SVM) in classifying malware and non-malware applications using system call frequencies. The frequencies of system calls were obtained by executing Android applications, and unused system calls were excluded. Principal Component Analysis was then applied to reduce the dimensionality and eliminate irrelevant features. The SVM with the Radial Basis Function kernel achieves 86.25% in malware classification, while the polynomial kernel achieves 90%.
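The feature-extraction step the abstract describes (per-application system call frequencies, with never-used system calls dropped) can be sketched as follows. This is an added example, not code from the thesis; the PCA and SVM stages are not shown. The strace-style trace format, the small `VOCAB` list and the sample traces are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed vocabulary: a small constructed subset of Linux system call names.
VOCAB = ["read", "write", "openat", "close", "ioctl", "connect",
         "sendto", "recvfrom", "mmap", "futex", "ptrace", "fork"]

# strace-style line (assumed format): optional PID, optional timestamp, then "name(".
LINE_RE = re.compile(r"^(?:\d+\s+)?(?:[\d:.]+\s+)?([a-z_][a-z0-9_]*)\(")

def count_syscalls(trace_text):
    """Count system calls in one trace; signal, exit and 'resumed' lines are skipped."""
    counts = Counter()
    for line in trace_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            counts[match.group(1)] += 1
    return counts

def build_features(traces, vocab=VOCAB):
    """Return (kept_names, {app: vector}) with never-used system calls dropped."""
    counts = {app: count_syscalls(text) for app, text in traces.items()}
    # A column is kept only if at least one application used that system call.
    kept = [name for name in vocab if any(c[name] for c in counts.values())]
    return kept, {app: [c[name] for name in kept] for app, c in counts.items()}

# Constructed sample traces (not real captures).
SAMPLE_TRACES = {
    "app_a": """\
1201 openat(AT_FDCWD, "/data/app/cfg", O_RDONLY) = 5
1201 read(5, "...", 4096) = 120
1201 read(5, "", 4096) = 0
1201 close(5) = 0
1201 --- SIGCHLD {si_signo=SIGCHLD} ---
1201 +++ exited with 0 +++
""",
    "app_b": """\
1377 connect(7, {sa_family=AF_INET}, 16) = 0
1377 sendto(7, "...", 64, 0, NULL, 0) = 64
1377 sendto(7, "...", 64, 0, NULL, 0) = 64
1377 recvfrom(7, <unfinished ...>
1377 <... recvfrom resumed> "...", 512, 0, NULL, NULL) = 32
1377 close(7) = 0
""",
}

if __name__ == "__main__":
    names, vectors = build_features(SAMPLE_TRACES)
    print(names)
    for app, vec in vectors.items():
        print(app, vec)
```

The resulting vectors are the kind of frequency features that would then be passed to dimensionality reduction and a classifier.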