A Machine Learning Approach for Real Time Android Malware Detection

Smart mobile devices are increasingly popular and common in modern life. The vast majority of them run Android, an open operating system developed by Android Inc., which Google bought in 2005. Along with its popularity, Android has become the target of rapidly developing malicious applications. Moreover, the fact that users can install applications both from Google Play and from third-party application markets facilitates the development and spread of both applications and malware on Android. In this paper, we propose a machine learning method to detect malicious applications on Android devices. The features used for machine learning are based on the common behavior of malicious applications, the required permissions, and other features taken from the application files. With a data set of nearly 30000 samples including malicious and safe applications, we achieved results with 98.66% accuracy. In addition, using and changing libraries in the C++ language has helped us achieve good processing and decision-making speed, thereby creating a framework that can run in real time on normal devices such as a usual laptop.
