Analysis and detection of potentially harmful Android applications using machine learning

Abstract

With the rapid advancement of technology today, smartphones have become more and more powerful and attract a huge number of users with new features provided by mobile device operating systems such as Android and iOS. Android extended its lead by capturing 86% of the total market in 2017 (Gartner, 2017) and became the most popular mobile operating system. However, this huge demand and freedom has made the hackers and cybercriminals more curious to generate malicious apps towards the Android operating system. Thus, research on effective and efficient mobile threat analysis becomes an emerging and important topic in cybersecurity research area. This paper proposes a static-dynamic hybrid malware detecting scheme for Android applications. While the static analysis could be fast, and less resource consuming technique and dynamic analysis can be used for high complexity and deep analysis. The suggested methods can automatically deliver an unknown application for both static and dynamic analysis and determine whether Android application is a malware or not. The experimental results show that the suggested scheme is effective as its detection accuracy can achieve to 93% ∼ 100%. The findings have been more accurate in identifying Android malwares rather than separating those two static and dynamic behaviors. Furthermore, this research compares the machine learning algorithms for static and dynamic analysis of the Android malwares and compare the accuracy by the data used to train the machine learning models. It reveals Deep Neural Networks and SVM can be used for and higher accuracy. In addition, era of the training and testing dataset highly effect the accuracy of the results regarding Android applications.