Android Malware Detection Methods Based on the Combination of Clustering and Classification
With the popularity of the Android platform, Android malware detection is a challenging practical problem that needs to be resolved urgently. In this paper, we propose two static analysis methods for Android malware detection based on the combination of clustering and classification. First, we obtain the original feature set from the manifest file and the disassembled code of Android applications. Then, by analyzing the category and appearance frequency of each feature, we extract key features for malware detection so as to reduce the dimensionality of the feature vector. Finally, we propose two methods based on the combination of clustering and classification to distinguish malicious from benign applications. One is mixed clustering, which clusters the malicious and benign samples together; the other is separate clustering, which clusters the malicious and benign samples separately. We use the K-means clustering algorithm and the K-Nearest Neighbor (KNN) classification algorithm. Evaluation results show that our methods outperform the common SVM-based method in detection accuracy and outperform the KNN-based method in prediction time. In addition, our methods also detect unknown malware families better than the SVM-based method.
Keywords: Android, Malware detection, Clustering, Classification, Dimensionality reduction, Static analysis
This work is supported by the Special Funds for Discipline and Specialty Construction of Guangdong Higher Education Institutions (2016KTSCX040).
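The following sketch is an added example, not the authors' code. It shows one plausible reading of the separate clustering method from the abstract: K-means is run on the malicious and benign samples separately, and a new application is classified by KNN over the labelled centroids rather than over every training sample. How the paper actually combines the two stages is an assumption here, and the feature names and sample vectors are constructed.

```python
# Added illustration: per-class K-means followed by KNN over labelled centroids.
def dist2(a, b):
    """Squared Euclidean distance between two feature vectors."""
    return sum((x - y) ** 2 for x, y in zip(a, b))

def kmeans(points, k, iters=20):
    """Lloyd's K-means with deterministic farthest-first seeding."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist2(p, c) for c in centroids)))
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[min(range(k), key=lambda i: dist2(p, centroids[i]))].append(p)
        # An empty cluster keeps its previous centroid.
        new = [[sum(col) / len(g) for col in zip(*g)] if g else centroids[i]
               for i, g in enumerate(groups)]
        if new == centroids:
            break
        centroids = new
    return centroids

def fit_separate(malicious, benign, k):
    """Separate clustering: cluster each class on its own, then label the centroids."""
    return ([(c, "malicious") for c in kmeans(malicious, k)] +
            [(c, "benign") for c in kmeans(benign, k)])

def predict(model, x, n_neighbors=1):
    """KNN vote over 2*k centroids instead of the whole training set."""
    nearest = sorted(model, key=lambda entry: dist2(x, entry[0]))[:n_neighbors]
    votes = [label for _, label in nearest]
    return max(set(votes), key=votes.count)

# Constructed binary features (1 = present in the manifest or disassembled code).
FEATURES = ["SEND_SMS", "READ_CONTACTS", "INTERNET",
            "sendTextMessage()", "getDeviceId()", "CAMERA"]
# Constructed samples: two malicious groups and two benign groups.
MALICIOUS = [[1, 0, 1, 1, 0, 0], [1, 0, 0, 1, 0, 0], [1, 0, 1, 1, 1, 0],
             [0, 1, 1, 0, 1, 0], [0, 1, 1, 0, 1, 1], [1, 1, 1, 0, 1, 0]]
BENIGN = [[0, 0, 0, 0, 0, 1], [0, 0, 1, 0, 0, 1],
          [0, 1, 1, 0, 0, 0], [0, 1, 1, 0, 0, 1], [0, 0, 1, 0, 0, 0]]
MODEL = fit_separate(MALICIOUS, BENIGN, k=2)

if __name__ == "__main__":
    for app in ([1, 0, 0, 1, 1, 0], [0, 1, 0, 0, 0, 1]):  # unseen samples
        print(app, "->", predict(MODEL, app))
```

Under this reading, prediction cost depends on the number of centroids rather than on the size of the training set.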