Abstract

The popularity of Android prompts cyber-criminals to create malicious apps that can compromise the security and confidentiality of mobile systems. Analysing the permissions requested by an app is one of the methods to detect whether it is malware. However, taking all the permissions available in the Android system into account can result in a model with increased complexity. To tackle this, a malware detection system is needed that is both efficient and employable for real-time usage. In this study, a preprocessing module has been developed that comprises five different data reduction techniques to identify the minimal set of permissions. The preprocessing resulted in a ten-dimensional vector in place of 113 permissions. It is also observed that the performance of a decision tree trained with just these ten dimensions matches that of one trained with all 113 permissions. The proposed malware detection system achieves an accuracy of 94.3% on unknown malware samples. The system outperforms others in terms of recall, which is attributed to fewer false negative predictions. Further, it categorises the malware samples into 45 families using a clustering approach. An Android application has also been developed using the built model for real-time usage.
