Android Malware Permission-Based Multi-Class Classification Using Extremely Randomized Trees

• Main Authors: Fahad Alswaina, Khaled Elleithy
• Format: Article
• Language: English
• Published: IEEE 2018-01-01
• Series: IEEE Access
• Subjects: Malware application; reverse engineering; machine learning; static analysis; android permissions; android security
• Online Access: https://ieeexplore.ieee.org/document/8552361/

Due to recent developments in hardware and software technologies for mobile phones, people depend on their smartphones more than ever before. Today, people conduct a variety of business, health, and financial transactions on their mobile devices. This trend has caused an influx of mobile applications that require users' sensitive information. As these applications increase so too have the number of malicious applications that steal users' sensitive information. Through our research, we developed a reverse engineering framework (RevEng). Within RevEng, the applications' permissions were selected, and then fed into machine learning algorithms. Through our research, we created a reduced set of permissions by using extremely randomized trees that achieved high accuracy and a shorter execution time. Furthermore, we conducted two approaches based on the extracted information. Approach one used binary value representation of the permissions. Approach two used the features' importance; we represented each selected permission (in approach one) by its weighted value instead of the binary value. We conducted a comparison between the results of our two approaches and other related work. Our approaches achieved better results in both accuracy and time performance with a reduced number of permissions.