Machine Learning-Based Android Malware Detection Using Manifest Permissions
2021, Proceedings of the Annual Hawaii International Conference on System Sciences
The Android operating system is currently the most prevalent mobile device operating system, holding roughly 54 percent of the total global market share. Due to Android's substantial presence, it has gained the attention of those with malicious intent, namely, malware authors. As such, there exists a need for validating and improving current malware detection techniques. Automated detection methods such as anti-virus programs are critical in protecting the wide variety of Android-powered mobile devices on the market. This research investigates the effectiveness of four different machine learning algorithms in conjunction with features selected from Android manifest file permissions to classify applications as malicious or benign. Case study results, on a test set consisting of 5,243 samples, produce accuracy, recall, and precision rates above 80%. Of the considered algorithms (Random Forest, Support Vector Machine, Gaussian Naïve Bayes, and K-Means), Random Forest performed the best with 82.5% precision and 81.5% accuracy.

In recent years, Android-powered devices have become increasingly targeted due in part to their increased use for business and financial tasks. Apps now routinely process sensitive financial and personal information as part of mobile banking, social media, and communication programs. Norton Anti-virus (AV) defines malware as "software that is specifically designed to gain access to or damage a computer, usually without the knowledge of the owner" [3]. Norton further delineates types of malware as spyware, ransomware, viruses, worms, Trojan horses, and adware. In 2017, Kaspersky Labs reported the detection of 5,730,916 malicious installation packages, 94,368 mobile banking Trojans, and 544,107 mobile ransomware Trojans [4]. As such, it can be said that there exists a strong need for accurate and reliable commercial anti-virus (AV) tools in the Android environment and that malware in mobile devices can be a substantial threat [5].
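The pipeline the abstract describes (manifest permissions turned into binary features, a classifier, then accuracy, precision and recall) can be sketched as follows. This is an added example, not the paper's code: it assumes the manifest has already been decoded to text, uses a small Bernoulli Naive Bayes as a stand-in rather than one of the paper's four algorithms, and trains on a constructed toy set; all function names are hypothetical.

```python
import math
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

def manifest_permissions(manifest_xml):
    """Permission names requested by a text-decoded AndroidManifest.xml."""
    names = (n.get(ANDROID_NS + "name") for n in ET.fromstring(manifest_xml).iter("uses-permission"))
    return {name for name in names if name}

def to_vector(perms, vocab):
    """Binary features: 1 if the app requests the permission, else 0."""
    return [int(p in perms) for p in vocab]

def train_nb(X, y):
    """Bernoulli Naive Bayes, Laplace-smoothed: class -> (log prior, P(feature=1))."""
    model = {}
    for c in set(y):
        rows = [x for x, label in zip(X, y) if label == c]
        probs = [(sum(col) + 1) / (len(rows) + 2) for col in zip(*rows)]
        model[c] = (math.log(len(rows) / len(X)), probs)
    return model

def predict(model, x):
    """Class with the highest log posterior for feature vector x."""
    def score(c):
        prior, probs = model[c]
        return prior + sum(math.log(p if v else 1 - p) for v, p in zip(x, probs))
    return max(model, key=score)

def evaluate(y_true, y_pred):
    """(accuracy, precision, recall) with 1 = malicious as the positive class."""
    pairs = list(zip(y_true, y_pred))
    tp, fp, fn = (sum(pair == k for pair in pairs) for k in ((1, 1), (0, 1), (1, 0)))
    acc = sum(t == p for t, p in pairs) / len(pairs)
    return acc, tp / (tp + fp) if tp + fp else 0.0, tp / (tp + fn) if tp + fn else 0.0

def make_manifest(perms):
    """Build a constructed sample manifest (not real app data)."""
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return f'<manifest xmlns:android="http://schemas.android.com/apk/res/android">{uses}</manifest>'

# Constructed toy training set: (requested permissions, label), 1 = malicious, 0 = benign.
TRAIN = [(["INTERNET"], 0), (["INTERNET", "ACCESS_NETWORK_STATE"], 0), (["CAMERA", "INTERNET"], 0),
         (["INTERNET", "SEND_SMS", "READ_SMS"], 1), (["SEND_SMS", "RECEIVE_BOOT_COMPLETED", "INTERNET"], 1),
         (["READ_SMS", "READ_CONTACTS", "INTERNET"], 1)]
APPS = [(manifest_permissions(make_manifest(p)), label) for p, label in TRAIN]
VOCAB = sorted(set().union(*(perms for perms, _ in APPS)))
MODEL = train_nb([to_vector(perms, VOCAB) for perms, _ in APPS], [label for _, label in APPS])

def classify(manifest_xml):
    """Label a manifest with the toy model: 1 = malicious, 0 = benign."""
    return predict(MODEL, to_vector(manifest_permissions(manifest_xml), VOCAB))
```

Permissions outside the training vocabulary are ignored by `to_vector`, so the feature list has to be fixed before training and reused unchanged at scan time.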
While academicians are interested in detecting malicious activity [17,30-31], opportunities abound to improve Android malware detection accuracy in commercial AV. Zhou and Jiang [7] evaluated Android malware detection using the following antivirus programs: AVG Antivirus Free v2.9 (AVG), Lookout Security & Antivirus v6.9 (or Lookout), Norton Mobile Security Lite v2.5.0.379 (Norton), and TrendMicro Mobile Security Personal Edition v2.0.0.1294 (TrendMicro). The anti-virus programs were used to scan separate devices afflicted with 1,260 samples of malware. Of the 1,260 samples, AVG was able to detect 689 samples (54.7%), Lookout 1,003 samples (79.6%), Norton 254 samples