Directional features and rule-based labeling for real-time network traffic-based android spyware classification

Citation

Mimi, Mousumi Ahmed and Ng, Hu and Yap, Timothy Tzen Vun (2025) Directional features and rule-based labeling for real-time network traffic-based android spyware classification. The Journal of Supercomputing, 81 (8). ISSN 1573-0484


Abstract

This study addresses the critical challenge of detecting Android spyware in real time, emphasizing cybersecurity risks and the limitations of existing approaches. Previous works rely on signature-based methods or static network traffic analysis, which are effective for known spyware but fail to capture dynamic and evolving spyware behaviors in real-time environments. This study bridges this gap by proposing a real-time spyware classification approach based on network traffic analysis, utilizing directional features and rule-based labeling to enhance spyware classification. It collects 14 spyware types with normal traffic and develops two methods: Method A (single directional) and Method B (bi-directional), applying several learning models to assess performance. Models are saved during batch processing for micro-batch and real-time analysis. Using 150 packets, micro-batch accuracy achieves 76.29 to 84.95% (Method A) and 74.18 to 83.23% (Method B), while real-time analysis achieves 74.99% (Method A) and 72.66% (Method B). XGB achieves 80.01% accuracy, advancing Android spyware classification.

Item Type: Article
Uncontrolled Keywords: Android spyware · Spyware classification · Traffic analysis · Feature engineering
Subjects: T Technology > TK Electrical engineering. Electronics. Nuclear engineering > TK5101-6720 Telecommunication. Including telegraphy, telephone, radio, radar, television
Divisions: Faculty of Computing and Informatics (FCI)
Depositing User: Ms Suzilawati Abu Samah
Date Deposited: 30 Jun 2025 01:53
Last Modified: 30 Jun 2025 01:53
URI: http://shdl.mmu.edu.my/id/eprint/14137
