Android Applications Malware Detection using Machine Learning Approach

Abstract

Android malware development has been increasing along with increasing the development of Android mobile devices. Some of the malicious intention of Android malware are exposing local information, reading users SMS messages, selling users information and stealing user credentials. To minimize the Android security problem, Google provide Android security mechanism that can help user and protect them from malware attack. However, the system cannot detect the malicious application at the background. As a solution to these problems, in this research work we designed the signature-based and permission-based detection techniques with cloud server approach. Specifically, the study considers the SHA-256 value of the given application and compared with lists exist on local database. On the server side, the permissions required by the unknown application were analyzed to construct feature vector. Machine learning approaches are the current techniques to model static and dynamic features of Android malware. Whereas the detection performance of machine learning techniques increases with increasing the quality of attributes that used to differentiate malicious application and normal application. Three classification algorithms such as Naïve Bayes, decision tree and SVM classification performance were compared. SVM classification algorithm, which has better classification accuracy is used for modeling classifier. The unknown application is submitted to the classifier model and the classifier detects the application. The proposed solution has been tested by analyzing both normal and malicious applications collected. According to the evaluation result, the proposed system can classify Android application into normal or malicious. Generally, client-server Android malware detection approach with the aid of machine learning methods has better detection performance than other existing detection techniques