Android Malware Detection Methods Based on the Combination of Clustering and Classification

摘要

With the popularity of Android platform, Android malware detection is a challenging practical problem that needs to be resolved urgently. In this paper, we propose two static analysis methods for Android malware detection based on the combination of clustering and classification. First, we obtain original feature set from the manifest file and disassembled code of Android applications. Then, through the analysis of the category and appearance frequency of each feature, we extract some key features for malware detection so as to reduce the dimensionality of feature vector. Finally, we propose two methods based on the combination of clustering and classification to distinguish malicious and benign applications. One is mixed clustering, which clusters the malicious and benign samples together; the other is separate clustering, which clusters the malicious and benign samples separately. We choose to use the K-mean clustering algorithm and the K-Nearest Neighbor (KNN) classification algorithm. Evaluation results show that our methods outperform the common SVM-based method in detection accuracy, and outperform the KNN-based method in prediction time. In addition, the detection ability for unknown malware families of our methods is also better than that of the SVM-based method.