AdStop: Efficient flow-based mobile adware detection using machine learning

In recent years, mobile devices have become commonly used not only for voice communications but also to play a major role in our daily activities. Accordingly, the number of mobile users and the number of mobile applications (apps) have increased exponentially. With a wide user base exceeding 2 billion users, Android is the most popular operating system worldwide, which makes it a frequent target for malicious actors. Adware is a form of malware that downloads and displays unwanted advertisements, which are often offensive and always unsolicited. This paper presents a machine learning-based system (AdStop) that detects Android adware by examining the features in the flow of network traffic. The design goals of AdStop are high accuracy, high speed, and good generalizability beyond the training dataset. A fea -ture reduction stage was implemented to increase the accuracy of Adware detection and reduce the time overhead. The number of relevant features used in training was reduced from 79 to 13 to improve the ef-ficiency and simplify the deployment of AdStop. In experiments, the tool had an accuracy of 98.02% with a false positive rate of 2% and a false negative rate of 1.9%. The time overhead was 5.54 s for training and 9.36 lis for a single instance in the testing phase. In tests, AdStop outperformed other methods described in the literature. It is an accurate and lightweight tool for detecting mobile adware.(c) 2022 The Author(s). Published by Elsevier Ltd. This is an open access article under the CC BY license ( http://creativecommons.org/licenses/by/4.0/ )