Volume 9 - Issue 1
Efficient Android Malware Detection Using API Rank and Machine Learning
- Jaemin Jung
Dankook University, Yongin, Republic of Korea
snorlax@dankook.ac.kr
- Hyunjin Kim
Dankook University, Yongin, Republic of Korea
khj0417@dankook.ac.kr
- Seong-je Cho
Dankook University, Yongin, Republic of Korea
sjcho@dankook.ac.kr
- Sangchul Han
Konkuk University, Chungju, Republic of Korea
schan@kku.ac.kr
- Kyoungwon Suh
Illinois State University, Normal IL, United States of America
kwsuh@ilstu.edu
Keywords: API call, Benign APIs, Malicious APIs, Android malware, Machine Learning, Ranked API list
Abstract
As more and more sophisticated Android malware appears in online markets, accurate malware
detection becomes an important issue in the Android ecosystem. This paper proposes a machine
learning based Android malware detection technique that uses ranked Android APIs as machine
learning features. First, our technique extracts API invocation information from APK files,
then produces two ranked lists of APIs frequently used by benign apps and malware, respectively.
After filtering out the APIs common to both lists, we merge the two lists into a single list. We
apply three classifiers, random forests (RF), k-nearest neighbor (k-NN), and logistic regression (LR),
to a dataset of 60,243 apps using the merged list as the features of the classifiers. Our evaluation
results show that, among them, the RF classifier achieves the highest accuracy of 97.47% to 98.87% with a very low
false positive rate (0.99% to 2.38%).
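
The ranking, filtering and merging steps described in the abstract, as an added example that is not the paper's own code. Ranking by the number of apps that invoke each API, the `top_n` cutoff, the binary feature encoding and the sample API sets are assumptions made for illustration.

```python
from collections import Counter

def ranked_apis(apps, top_n):
    """Rank APIs by how many apps invoke them (assumed metric); keep top_n."""
    counts = Counter(api for app in apps for api in set(app))
    # Descending count, then name, so ties are ordered deterministically.
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [api for api, _ in ordered[:top_n]]

def merged_feature_list(benign_apps, malware_apps, top_n):
    """Build both ranked lists, drop APIs common to both, merge the rest."""
    benign = ranked_apis(benign_apps, top_n)
    malicious = ranked_apis(malware_apps, top_n)
    common = set(benign) & set(malicious)
    # An API ranked highly in both classes carries no discriminating signal.
    return ([a for a in benign if a not in common]
            + [a for a in malicious if a not in common])

def feature_vector(app_apis, features):
    """Binary vector: 1 if the app invokes the feature API, else 0."""
    present = set(app_apis)
    return [1 if api in present else 0 for api in features]

# Constructed sample input: each inner list is the API set of one app.
BENIGN = [
    ["android.app.Activity.onCreate", "android.widget.TextView.setText",
     "android.util.Log.d"],
    ["android.app.Activity.onCreate", "android.widget.TextView.setText"],
    ["android.app.Activity.onCreate", "android.util.Log.d",
     "android.widget.TextView.setText"],
]
MALWARE = [
    ["android.app.Activity.onCreate",
     "android.telephony.SmsManager.sendTextMessage",
     "android.telephony.TelephonyManager.getDeviceId"],
    ["android.app.Activity.onCreate",
     "android.telephony.SmsManager.sendTextMessage"],
    ["android.app.Activity.onCreate",
     "android.telephony.TelephonyManager.getDeviceId",
     "android.telephony.SmsManager.sendTextMessage"],
]

FEATURES = merged_feature_list(BENIGN, MALWARE, top_n=2)

if __name__ == "__main__":
    print("features:", FEATURES)
    for label, apps in (("benign", BENIGN), ("malware", MALWARE)):
        for app in apps:
            print(label, feature_vector(app, FEATURES))
```

The resulting vectors are what a classifier such as RF, k-NN or LR would be trained on; `Activity.onCreate` is dropped because it ranks highly in both lists.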