Detecting Android malicious apps and categorizing benign apps with ensemble of classifiers

W Wang, Y Li, X Wang, J Liu, X Zhang - Future generation computer …, 2018 - Elsevier
Future generation computer systems, 2018, Elsevier
Abstract
The Android platform has dominated the markets of smart mobile devices in recent years, and the number of Android applications (apps) has seen a massive surge. Unsurprisingly, the Android platform has also become the primary target of attackers. The management of the explosively expanding app markets has thus become an important issue. On the one hand, it requires effectively detecting malicious applications (malapps) in order to keep them out of the app market. On the other hand, it requires automatically categorizing a large number of benign apps so as to ease management, for example by correcting an app's category that was falsely designated by the app developer. In this work, we propose a framework to effectively and efficiently manage a large app market in terms of detecting malapps and categorizing benign apps. We extract 11 types of static features from each app to characterize the behaviors of the app, and employ an ensemble of multiple classifiers, namely Support Vector Machine (SVM), K-Nearest Neighbor (KNN), Naive Bayes (NB), Classification and Regression Tree (CART) and Random Forest (RF), to detect malapps and to categorize benign apps. An alarm is triggered if an app is identified as malicious; otherwise, the benign app is assigned to a specific category. We evaluate the framework on a large app set consisting of 107,327 benign apps as well as 8,701 malapps. The experimental results show that our method achieves an accuracy of 99.39% in the detection of malapps and a best accuracy of 82.93% in the categorization of benign apps.