Android Malware Detection Based on Static Behavior Feature Analysis

As an open source operating system, Android has groups of users and developers, which has resulted in a great many Android applications in app markets. At the same time, an app's benign and malicious behavior cannot be screened, the number of new malware samples for the Android platform and of infected mobile phones is still soaring, and Android malware detection faces a tough challenge. This paper therefore proposes an approach that analyzes Android malware by extracting an app's static behavior; the information captured includes the use of permissions, Android components, and API calls. We then use PCA to extract the app's principal behavior features. Finally, classifiers are trained on an Android app dataset to validate the performance. Experiments show that the proposed method achieves a 97.4% true positive rate and 99.8% area under the ROC curve, and that our lightweight classifiers can detect unknown Android malware effectively and accurately.
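The pipeline described above (static features, PCA, classifier), as an added example that is not the paper's code. It assumes a manifest already decoded to text and API-call names supplied by a separate disassembly step, keeps only the first principal component, and uses a nearest-centroid rule in place of the paper's classifiers; all function names and the four training samples are constructed.

```python
import xml.etree.ElementTree as ET

URI = "http://schemas.android.com/apk/res/android"
COMPONENTS = ("activity", "service", "receiver", "provider")

def extract_features(manifest_xml, api_calls):
    """Static features: requested permissions, component kinds, API calls."""
    root = ET.fromstring(manifest_xml)
    feats = {"perm:" + e.get("{%s}name" % URI) for e in root.iter("uses-permission")}
    feats |= {"comp:" + e.tag for e in root.iter() if e.tag in COMPONENTS}
    return feats | {"api:" + a for a in api_calls}

def project(feats, vocab, mean, axis):
    # Binary vector over vocab (unseen features are ignored), centered, then projected.
    return sum(((f in feats) - m) * a for f, m, a in zip(vocab, mean, axis))

def train(samples, iters=100):  # samples: [(feature_set, label)]
    vocab = sorted(set().union(*(f for f, _ in samples)))
    rows = [[float(f in s) for f in vocab] for s, _ in samples]
    mean = [sum(col) / len(rows) for col in zip(*rows)]
    X = [[x - m for x, m in zip(r, mean)] for r in rows]
    axis = [1.0 + j for j in range(len(vocab))]  # arbitrary non-zero start
    for _ in range(iters):  # power iteration on X^T X -> first principal axis
        z = [sum(a * b for a, b in zip(x, axis)) for x in X]
        axis = [sum(zi * x[j] for zi, x in zip(z, X)) for j in range(len(vocab))]
        norm = sum(a * a for a in axis) ** 0.5
        axis = [a / norm for a in axis]
    proj = {}
    for feats, label in samples:
        proj.setdefault(label, []).append(project(feats, vocab, mean, axis))
    return vocab, mean, axis, {l: sum(p) / len(p) for l, p in proj.items()}

def classify(feats, model):  # nearest centroid: a stand-in, not the paper's classifier
    vocab, mean, axis, centroids = model
    z = project(feats, vocab, mean, axis)
    return min(centroids, key=lambda l: abs(z - centroids[l]))

def app(perms, comps, apis):  # builds a constructed, already-decoded manifest
    body = "".join('<uses-permission android:name="android.permission.%s"/>' % p for p in perms)
    body += "<application>" + "".join("<%s/>" % c for c in comps) + "</application>"
    return extract_features('<manifest xmlns:android="%s">%s</manifest>' % (URI, body), apis)

SMS, IMEI = "SmsManager.sendTextMessage", "TelephonyManager.getDeviceId"
TRAIN = [  # constructed samples, not taken from the paper's dataset
    (app(["INTERNET"], ["activity"], ["HttpURLConnection.connect"]), "benign"),
    (app(["INTERNET", "CAMERA"], ["activity"], ["HttpURLConnection.connect", "Camera.open"]), "benign"),
    (app(["INTERNET", "SEND_SMS", "READ_CONTACTS"], ["activity", "service", "receiver"], [SMS, IMEI]), "malware"),
    (app(["SEND_SMS", "RECEIVE_BOOT_COMPLETED"], ["service", "receiver"], [SMS, IMEI]), "malware"),
]
MODEL = train(TRAIN)
```

Calling `classify(app(...), MODEL)` on a new feature set returns the label of the nearer class centroid along the principal axis.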
