Abstract

Given Android's dominant position among current smartphone operating systems, the increasing number of malware applications poses a great threat to user privacy and security. Classification algorithms that use a single feature usually have weak detection performance. Although using multiple features can improve detection, increasing the number of features raises the requirements on the operating environment and consumes more time. We propose a fast Android malware detection framework based on the combination of multiple features: FAMD (Fast Android Malware Detector). First, we extract permissions and Dalvik opcode sequences from samples to construct the original feature set. Second, the Dalvik opcodes are preprocessed with the N-Gram technique, and the FCBF (Fast Correlation-Based Filter) algorithm, which is based on symmetrical uncertainty, is employed to reduce feature dimensionality. Finally, the dimensionality-reduced features are input into the CatBoost classifier for malware detection and family classification. The dataset DS-1, which we collected, and the baseline dataset Drebin were used in the experiments. The results show that the combined features effectively improve malware detection accuracy, which can reach 97.40% on the Drebin dataset, and that malware family classification accuracy can reach 97.38%. Compared with other state-of-the-art works, our framework achieves higher accuracy and lower time consumption.
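The feature-construction and FCBF steps described in the abstract, as an added example that is not the authors' code: permissions and opcode n-grams become binary columns, and features are kept only if they are relevant to the class and not redundant with a stronger feature. The n-gram length `n=2`, the threshold `delta`, the helper names and the toy corpus are assumptions made for illustration; the CatBoost stage is not shown.

```python
import math
from collections import Counter

def ngrams(opcodes, n=2):
    """Distinct opcode n-grams in one app, as 'a>b' strings (n=2 is assumed)."""
    return {">".join(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1)}

def entropy(values):
    total = len(values)
    return -sum(c / total * math.log2(c / total) for c in Counter(values).values())

def su(x, y):
    """Symmetrical uncertainty SU(X,Y) = 2*IG(X|Y) / (H(X)+H(Y)), in [0, 1]."""
    hx, hy = entropy(x), entropy(y)
    gain = hx + hy - entropy(list(zip(x, y)))  # information gain IG(X|Y)
    return 2 * gain / (hx + hy) if hx + hy else 0.0

def build_columns(samples):
    """Binary presence columns for permissions and opcode n-grams."""
    per_app = [{f"perm:{p}" for p in perms} | {f"op:{g}" for g in ngrams(ops)}
               for perms, ops, _ in samples]
    names = sorted(set().union(*per_app))
    return {name: [int(name in feats) for feats in per_app] for name in names}

def fcbf(columns, labels, delta=0.0):
    """Keep features relevant to the class (SU > delta, an assumed threshold)
    and not redundant with a stronger, already selected feature."""
    rel = {f: su(col, labels) for f, col in columns.items()}
    ranked = sorted((f for f in rel if rel[f] > delta), key=lambda f: (-rel[f], f))
    selected = []
    while ranked:
        fp = ranked.pop(0)  # strongest remaining (predominant) feature
        selected.append(fp)
        # drop fq when it says at least as much about fp as about the class
        ranked = [fq for fq in ranked if su(columns[fp], columns[fq]) < rel[fq]]
    return selected

# Constructed toy corpus: (permissions, Dalvik opcode sequence, label 1 = malware)
SHORT = ["invoke-virtual", "move-result"]
LONG = ["const-string"] + SHORT
SAMPLES = [
    ({"INTERNET", "SEND_SMS"}, LONG, 1), ({"INTERNET", "SEND_SMS"}, LONG, 1),
    ({"INTERNET"}, LONG, 1), ({"INTERNET", "READ_CONTACTS"}, SHORT, 1),
] + [({"INTERNET"}, SHORT, 0)] * 4

def select_features(samples=SAMPLES):
    labels = [label for _, _, label in samples]
    return fcbf(build_columns(samples), labels)

print(select_features())
```

On this corpus the constant features (`perm:INTERNET`, `op:invoke-virtual>move-result`) carry no class information and are dropped, and `perm:SEND_SMS` is removed as redundant with the stronger opcode bigram, which is how the filter shrinks the combined feature set before classification.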

Highlights

  • In the past ten years, advancements in mobile internet technology have changed the lifestyles of countless users and have brought tremendous changes to the procedures used in various sectors, such as governments and enterprises

  • The number of applications that can be classified as malware continues to increase, and new types of malware and camouflage techniques keep emerging, so detecting malware effectively in a relatively short time is of considerable significance to third-party application markets and users

  • We present a fast Android malware detection framework, FAMD, which combines permission features and Dalvik opcode features from different operation levels to construct feature vectors


Summary

Introduction

In the past ten years, advancements in mobile internet technology have changed the lifestyles of countless users and have brought tremendous changes to the procedures used in various sectors, such as governments and enterprises. A series of security risks have arisen in mobile internet technology. Malware applications, such as information leakers, Trojan horses, and push advertising, hide in smart terminals and pose threats to user privacy. In 2019, Kaspersky’s report [2] showed that 3,503,952 malicious installation packages were found in its mobile terminal products. The number of attacks on mobile devices increased by 50% in 2019, from 40,386 in 2018 to 67,500 in 2019. In addition to the spyware and Trojans familiar from traditional network security, the use of stalkerware on mobile devices is growing. Because of the large volume of Android malware, its fast update speed, and the constant emergence of new types of malware, it remains challenging to detect malware effectively, reduce detection time, and improve detection efficiency.
