Android Malware Detection Mechanism Based on Bayesian Model Averaging

Abstract

Since Android is the most widely used operating system for mobile devices, it has been a target for widespread malware attacks. During the past years, many new malware detection mechanisms have been introduced for the Android platform. These methods are generally classified as static analysis and dynamic analysis methods. However, none of the existing mechanisms are able to detect the malware applications with reasonable false positive and negative rates. This is a major concern in the field of Android malware detection. In this paper, we propose a novel malware detection mechanism by combining the estimated malicious probability values of three distinct naive Bayes classifiers based on API calls, permissions, and system calls using Bayesian model averaging approach. The majority of the existing Android malwares have signatures in at least one of API calls, permissions, or system call sequences. Hence, the proposed mechanism can overcome the limitations of the existing static and dynamic malware detection mechanism to a good extent. Our experiments have shown that the proposed mechanism is more accurate than the existing static and dynamic malware detection mechanisms.