Merging Permission and API Features for Android Malware Detection

Mengyu Qiao, A. Sung, Qingzhong Liu
Published in: 2016 5th IIAI International Congress on Advanced Applied Informatics (IIAI-AAI), 2016-07-10
DOI: 10.1109/IIAI-AAI.2016.237 (https://doi.org/10.1109/IIAI-AAI.2016.237)
Citations: 45

Abstract

The prosperity of mobile devices has been rapidly and drastically reforming the usage patterns and habits of users of computing devices. Android, the most popular mobile operating system, has a privilege-separated security system built on a sophisticated permission control mechanism. Android Apps need to request permissions to access sensitive personal data and system resources, but empirical studies have found that various types of malicious software can obtain permissions and attack systems and applications by deceiving users and the security mechanism. In this paper, we propose a novel machine learning approach to detect malware by mining the patterns of Permissions and API Function Calls acquired and used by Android Apps. Based on static analysis of the source code and resource files of Android Apps, binary and numerical features are extracted for qualitative and quantitative evaluation. Feature selection methods are applied to reduce the feature dimension and enhance efficiency. Different machine learning methods, including Support Vector Machines, Random Forest and Neural Networks, are applied and compared in classification. The experimental results show that the proposed approach delivers accurate detection of Android malware. We deem that the proposed approach could help raise users' awareness of potential risks and mitigate malware threats for Android devices.