Machine Learning Classifier-based Malware Detection System On Android

The emerging Android malwares and flooding illegal attacks have made Android platform the most dangerous smart phone platform. While Android itself provides security mechanisms, such as application sandbox, permissions mechanism and application signatures, the coarse-grained authorization mechanism greatly reduces its security. Meanwhile, thanks to the enhanced data processing capabilities in cloud computing, these classic theories and tools like data mining and machine learning can be applied Android malware detection areas.This paper aims to build an Android malware detection system based on machine learning classification algorithm. On Android devices, an extended application permission control system is deployed with backstage malware monitor monitoring malicious behaviors. On the cloud side, we take full advantage of machine learning algorithms to malware detection, by comparing the experimental data and performance of different classification algorithms to improve the detection efficiency and accuracy. The main contents includes as follows:(1) This paper analyzes the status and threat of Android malware. Meanwhile, we also summarize prevailing research and methods related with Android malware detection.(2) Through the extension of Android application permissions management mechanism, along with the app-Active Defence in the application layer, users realize fine-grained permissions allocation and change the permissions dynamically according to different application scenarios.(3) Using the backstage monitoring mechanism provided by Android, the system realizes real-time monitoring of the sensitive-related behavior, involving status of network connection, sms, unauthorized app installation and uninstall, calls etc, thus to alert the users.(4) Cloud-based machine learning classification algorithm is implemented to improve the efficiency of Android malware detection. We collect permissions, sensitive functions etc as static features by analyzing the apk strcture and using reverse engineering. The detection process includes static feature extraction, feature selection and application of machine learning classification algorithm.Results show that our system realizes dynamic permission management and backstage monitoring. And machine learning classifier can achieve the accuracy of 92% in detection.