Android Malware Detection based on Vulnerable Feature Aggregation

摘要

Android has paved the way for the smartphone revolution. With the ever-growing advancements in technology, there is an inherent increase in the user reliance upon mobile technologies and third-party applications for communication, banking, and commerce. Needless to say, this is accompanied by steady growth in the number of attack surfaces, giving rise to new and highly advanced malicious software. Traditional malware detection approaches have revolved around pattern-based detection, which can easily be deterred using zero-day attacks. In this paper, we present a novel feature-engineering technique for android malware detection using Machine Learning. We perform static analysis to map each Application Programming Interface call to certain features, which is later aggregated to find the frequency of occurrence per feature. We empirically evaluate our approach and its robustness on 972 obfuscated android applications and 1100 benign applications and achieve an ROC-AUC score of 98.87%. We also demonstrate the scalability of our model by reducing the feature set by 75.9% and achieving a comparable ROC-AUC score of 95.67%.