Abstract

Android devices are very popular because they are available at reasonable prices. However, malware applications on the Android platform have risen rapidly in recent years because of its security vulnerabilities. Existing static malware detection mechanisms can locate malicious components in an application's source code, while dynamic analysis can identify exploits in the runtime environment. Hence, the advantages of both static and dynamic mechanisms need to be combined into a hybrid analysis mechanism to achieve better malware detection accuracy. Existing machine-learning-based hybrid malware analysis mechanisms do not check the interdependency of the static and dynamic features used in their classifiers. This interdependency can lead to a multicollinearity problem, which can affect the classifier's performance. Hence, in this paper we propose a novel TAN (Tree Augmented naive Bayes) based hybrid malware detection mechanism that employs the conditional dependencies among the relevant static and dynamic features (API calls, permissions and system calls) required for the functionality of an application. We trained three ridge-regularized logistic regression classifiers, corresponding to the API calls, permissions and system calls of an application, and modeled the relationships among their outputs as a TAN to identify whether the application is malicious. The experimental results show that the proposed mechanism can detect malicious applications over a long period with an accuracy of 0.97.
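The following sketch is an added illustration, not the paper's code: it fits a TAN over the outputs of three base classifiers and compares it with plain naive Bayes on a case where the outputs disagree. Assumptions: the three logistic regression outputs are already thresholded to binary verdicts (`api`, `perm`, `sys`), the tree is learned with the standard Chow-Liu procedure on conditional mutual information, and the sample counts are constructed.

```python
import math
from collections import Counter
from itertools import combinations

# Constructed sample: ((api, perm, sys) binary verdicts, label, count); 1 = malicious
TABLE = [((1,1,1),1,14), ((1,1,0),1,6), ((0,0,1),1,7), ((0,0,0),1,3),
         ((0,0,0),0,12), ((0,0,1),0,3), ((1,0,0),0,4), ((1,0,1),0,1),
         ((0,1,0),0,4), ((0,1,1),0,1), ((1,1,0),0,4), ((1,1,1),0,1)]
ROWS = [(x, y) for x, y, c in TABLE for _ in range(c)]

def cmi(rows, i, j):
    """Empirical conditional mutual information I(X_i; X_j | Y)."""
    cij = Counter((x[i], x[j], y) for x, y in rows)
    ci = Counter((x[i], y) for x, y in rows)
    cj = Counter((x[j], y) for x, y in rows)
    cy = Counter(y for _, y in rows)
    return sum(c / len(rows) * math.log(c * cy[y] / (ci[a, y] * cj[b, y]))
               for (a, b, y), c in cij.items())

def learn_tree(rows, k=3):
    """Maximum spanning tree over CMI weights (Prim), rooted at feature 0."""
    edges = sorted(combinations(range(k), 2), key=lambda e: -cmi(rows, *e))
    parent = {0: None}
    while len(parent) < k:
        i, j = next(e for e in edges if (e[0] in parent) != (e[1] in parent))
        parent.update({j: i} if i in parent else {i: j})
    return parent

def fit(rows, parent=None, k=3):
    """Count-based CPTs; no parent map learns the TAN tree, all-None parents give naive Bayes."""
    parent = parent or learn_tree(rows, k)
    prior, counts = Counter(y for _, y in rows), Counter()
    for x, y in rows:
        for i in range(k):
            pv = None if parent[i] is None else x[parent[i]]
            counts[i, x[i], pv, y] += 1
    return parent, prior, counts

def predict(model, x):
    """argmax_y P(y) * prod_i P(x_i | x_parent(i), y), with Laplace smoothing."""
    parent, prior, counts = model
    score = {}
    for y, ny in prior.items():
        score[y] = math.log(ny / sum(prior.values()))
        for i, xi in enumerate(x):
            pv = None if parent[i] is None else x[parent[i]]
            den = counts[i, 0, pv, y] + counts[i, 1, pv, y] + 2
            score[y] += math.log((counts[i, xi, pv, y] + 1) / den)
    return max(score, key=score.get)
```

On this constructed sample the API-call and permission verdicts always agree for malicious apps, so the TAN links them and scores the disagreeing input `(1, 0, 1)` as benign, while naive Bayes, which treats the three verdicts as independent, scores it as malicious.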
