Examining Application Components to Reveal Android Malware

Abstract

Smartphones are becoming ubiquitous in everyday life, and malware is exploiting these devices. Therefore, a means to identify the threats of malicious applications is necessary. This paper presents a method to classify and analyze Android malware through application component analysis. The experiment parses select portions of Android packages to collect features using byte sequences and the permissions of the application. Multiple machine learning algorithms classify the samples of malware based on these features. The experiment utilizes an instance-based learner, naive Bayes, decision trees, sequential minimal optimization, boosted naive Bayes, and boosted decision trees to identify the best components that reveal malware characteristics. The best case classifies malicious applications with an accuracy of 99.24% and an area under the curve of 0.9890 utilizing boosted decision trees. This method does not require scanning the entire application and provides high true positive rates. This thesis investigates the components to provide malware classification.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2013
Accession Number
ADA582439

Entities

People

  • John B. Guptill

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber
  • Human Systems

DTIC Thesaurus Topics

  • Air Force
  • Algorithms
  • Bayesian Networks
  • Computer Programming
  • Computer Programs
  • Computers
  • Feature Extraction
  • Machine Learning
  • Mobile Devices
  • Mobile Operating Systems
  • Mobile Phones
  • Operating Systems
  • Personal Computers
  • Smartphones
  • Supervised Machine Learning
  • Text Messaging

Fields of Study

  • Computer science

Readers

  • Artificial Intelligence
  • Cybersecurity
  • Regression Analysis

Technology Areas

  • AI & ML
  • Cyber