{"title":"Hybrid-Based Malware Analysis for Effective and Efficiency Android Malware Detection","authors":"R. B. Hadiprakoso, Herman Kabetta, I. K. S. Buana","doi":"10.1109/ICIMCIS51567.2020.9354315","DOIUrl":null,"url":null,"abstract":"In the last decade, Android is the most widely used operating system. Despite this rapidly increasing popularity, Android is also a target for the spread of malware. Android admits the installation of applications from other unauthorized markets. This fact allows malware developers to place malicious apps and engage Android devices. So far, malware analysis and detection systems have been developed to use both static analysis and dynamic analysis. However, existing research is still lagging in the performance of detecting malware efficiently and accurately. For accurate malware detection, it often utilizes many resources from resource-limited mobile devices. Therefore, this research proposes a solution by developing and testing an efficient and accurate machine learning and deep learning model for this problem. We used the malware genome dataset and the Drebin project for static analysis and used the CICMalDroid dataset for dynamic analysis. From these two datasets, we extract 261 combined features of the hybrid analysis. To test the model that was built, we took 311 application samples consisting of 165 benign apps from the play store and 146 malicious apps from VirusShare. The test results show that the hybrid analysis model can increase detection by about 5%. 
Further testing also revealed that the extreme gradient boosting (XGB) assemble model is the best accuracy and efficiency model.","PeriodicalId":441670,"journal":{"name":"2020 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIMCIS51567.2020.9354315","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 16