Conference: International Conference on Malicious and Unwanted Software

Native malware detection in smartphones with android OS using static analysis, feature selection and ensemble classifiers


Abstract

The use of Smartphones (SPs) with Android Operating System (AOS) has reached unprecedented popularity. This is due to the many features that these devices offer as Internet connection, storage of information as well as the ability to perform diverse online transactions. As a result, these devices have become the main target of malware attacks that try to exploit the security vulnerabilities of AOS. Therefore, in order to mitigate these attacks, methods for malware analysis and detection are needed. In this work a method for analysis and detection of malware, which can run natively in the device, is proposed. The approach can analyze applications already installed on the device, monitor new apps installations or updates. Static analysis is used to determine the permissions, hardware and software features requested by applications. An application being analyzed is classified as malware or benign using a model based on ensemble machine learning classifiers and feature selection algorithms. To validate the proposed method, 1377 malware samples and 1377 benign samples, collected from different sources, were used. Results show that the proposed approach detects malware with 96.26% of accuracy. Additional tests were conducted in three different SPs devices to validate malware detection performance in a real environment and to obtain an average execution time. Results of these tests show that the proposed method detects malware with 94.48% of accuracy, getting the analysis results of an application in 35 milliseconds.