Fest: A feature extraction and selection tool for Android malware detection

Abstract

Android has become one of the most popular mobile operating systems because of numerous applications (apps) it provides. However, Android malware downloaded from third-party markets threatens users' privacy, and most of them remain undetected because of the lack of efficient and accurate detecting techniques. Prior efforts on Android malware detection attempted to build precise classification models by manually choosing features, and few of them has used any feature selection algorithms to help pick typical features. In this paper, we present Feature Extraction and Selection Tool (Fest), a feature-based machine learning approach for malware detection. We first implement a feature extraction tool, AppExtractor, which is designed to extract features, such as permissions or APIs, according to the predefined rules. Then we propose a feature selection algorithm, FrequenSel. Unlike existing selection algorithms which pick features by calculating their importance, FrequenSel selects features by finding the difference their frequencies between malware and benign apps, because features which are frequently used in malware and rarely used in benign apps are more important to distinguish malware from benign apps. In experiments, we evaluate our approach with 7972 apps, and the results show that Fest gets nearly 98% accuracy and recall, with only 2% false alarms. Moreover, Fest only takes 6.5s to analyze an app on a common PC, which is very time-efficient for malware detection in Android markets.