Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Android malware detection performance metrics_
| Method | Accuracy | Precision | Recall | FPR |
|---|---|---|---|---|
| LOF | 0.9202 | 0.8495 | 0.367 | 0.2367 |
| Isolation Forest | 0.8801 | 0.8123 | 0.398 | 0.2856 |
| Decision Tree | 0.8653 | 0.7975 | 0.382 | 0.2941 |
| KNN | 0.9012 | 0.8256 | 0.405 | 0.2712 |
Comparison of android malware detection methods (Hypothetical results)_
| Metric | LOF | Isolation Forest | Decision Tree | KNN |
|---|---|---|---|---|
| Accuracy | 0.9202 | 0.8801 | 0.8653 | 0.9012 |
| F1 Score | 0.8495 | 0.8123 | 0.7975 | 0.8256 |
| FPR | 0.3670 | 0.4200 | 0.4350 | 0.3980 |
| Precision | 0.8632 | 0.7956 | 0.7834 | 0.8157 |
| Recall | 0.8371 | 0.8324 | 0.8102 | 0.8452 |
| AUC | 0.9315 | 0.8997 | 0.8836 | 0.9154 |
| MCC | 0.7261 | 0.6782 | 0.6579 | 0.7064 |
| TNR | 0.6320 | 0.5770 | 0.5910 | 0.6120 |
Algorithm Description: Malware Detection using Local Outlier Factor
| 1: | Input: |
| 2: | D: The dataset of feature vectors from Android applications. |
| 3: | k: Number of nearest neighbors for LOF calculation. |
| 4: | t: Outlier threshold for labeling applications. |
| 5: | Output: |
| 6: | List of Android applications labeled as benign or malware. |
| 7: | procedure T |
| 8: | Compute the k-distance for each application in D. |
| 9: | Compute the reachability distance for each application in D. |
| 10: | Compute the local reachability density for each application. |
| 11: | Compute the LOF score for each application. |
| 12: | return Model with LOF scores. |
| 13: | end procedure |
| 14: | procedure D |
| 15: | for each application x in D do |
| 16: | Compute the LOF score for x using the trained Model. |
| 17: | if LOF score of x > t then |
| 18: | Label x as malware. |
| 19: | else |
| 20: | Label x as benign. |
| 21: | end if |
| 22: | end for |
| 23: | return List of labeled applications. |
| 24: | end procedure |