Analysis and Evaluation of Antivirus Engines in Detecting Android Malware: A Data Analytics Approach

摘要

Given the high popularity of Android devices, the amount of malware applications in Android markets has been growing at a fast pace in the past few years. However, the concept of malware is something vague since it often occurs that AntiVirus engines flag an application as malware while others do not, having no real consensus between different engines. With the help of data analytics applied to more than 80 thousand malware applications, this work further investigates on the relationships between different AntiVirus engines, showing that some of them are highly correlated while others behave totally uncorrelated from others. Finally, we propose a new metric based on Latent Variable Models to identify which engines are more powerful in identifying true malware applications.