Abstract

As more and more sophisticated Android malwares appear in the online markets, accurate malware detection becomes an important issue in the Android ecosystem. This paper proposes a machine learning based Android malware detection technique that uses ranked Android APIs as machine learning features. First, our technique extracts the information of API invocation from APK files, then produces two ranked lists of APIs frequently used by benign apps and malwares respectively. After filtering out the APIs common to the both lists, we merge the two lists into a single list. We apply three classifiers, random forests (RF), k-nearest neighbor (k-NN), and logistic regression (LR) on a dataset of 60,243 apps using the merged list as the features of the classifiers. Our evaluation results show that the RF classifier can achieve the highest accuracy of 97.47  98.87% with very low false positive rate (0.99  2.38%) among them.