Classification of Android Malware Applications using Feature Selection and Classification Algorithms

Smartphones have become a part of our lives, which has led to a continued increase in the number of smartphone users. The growing number of users attracts hackers, who develop malware applications to steal private information and cause potential financial losses. Because the technologies used by malware developers change quickly, there is an urgent need for more advanced malware detection techniques. In this paper, we propose an approach for Android malware classification based on feature selection and classification algorithms. The proposed approach uses the permissions requested by an Android app as features to differentiate between malware apps and goodware apps. The information gain algorithm is used to select the most significant permissions; the classification algorithms Naive Bayes, Random Forest and J48 are then used to classify the Android apps as goodware or malware. The experimental results show that the Random Forest algorithm achieved the highest precision, 0.898, with the lowest false positive rate, 0.110.
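The feature selection step described in the abstract, as an added example that is not code or data from the paper: it ranks binary permission features by information gain against the malware/goodware label. The sample apps and the function names (`information_gain`, `rank_permissions`, `select_top_k`) are constructed for illustration, and the classification step that follows in the paper is not shown.

```python
import math
from collections import Counter

# Constructed sample: (permissions requested by the app, label). Not the paper's data set.
APPS = [
    ({"INTERNET", "SEND_SMS", "READ_CONTACTS"}, "malware"),
    ({"INTERNET", "SEND_SMS"}, "malware"),
    ({"INTERNET", "SEND_SMS", "READ_PHONE_STATE"}, "malware"),
    ({"INTERNET", "READ_PHONE_STATE"}, "malware"),
    ({"INTERNET", "CAMERA"}, "goodware"),
    ({"INTERNET"}, "goodware"),
    ({"INTERNET", "READ_CONTACTS"}, "goodware"),
    ({"INTERNET", "CAMERA", "READ_PHONE_STATE"}, "goodware"),
]

def entropy(labels):
    """Shannon entropy (bits) of a list of class labels; 0 for an empty list."""
    total = len(labels)
    if total == 0:
        return 0.0
    return -sum((n / total) * math.log2(n / total) for n in Counter(labels).values())

def information_gain(apps, permission):
    """H(label) - H(label | permission present/absent)."""
    labels = [label for _, label in apps]
    present = [label for perms, label in apps if permission in perms]
    absent = [label for perms, label in apps if permission not in perms]
    conditional = sum(len(part) / len(apps) * entropy(part) for part in (present, absent))
    return entropy(labels) - conditional

def rank_permissions(apps):
    """All permissions seen in the sample, highest information gain first."""
    permissions = set().union(*(perms for perms, _ in apps))
    scores = {p: information_gain(apps, p) for p in permissions}
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))

def select_top_k(apps, k):
    """Keep only the k most informative permissions as classifier features."""
    return [p for p, _ in rank_permissions(apps)[:k]]

if __name__ == "__main__":
    for permission, gain in rank_permissions(APPS):
        print(f"{permission:18s} {gain:.4f}")
```

A permission requested by every app, such as `INTERNET` in this sample, scores zero because it does not change the class distribution, which is why it would be dropped before classification.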
