A machine learning approach to anomaly-based detection on Android platforms

TL;DR

This paper presents a machine learning-based system for detecting Android malware in real-time, achieving high accuracy and low false positives by monitoring applications during execution.

Contribution

It introduces an in-device malware detection method using a K-Nearest Neighbour classifier based on features extracted from running applications.

Findings

Detection accuracy of 93.75%

Low false positive rate

Effective detection of real Android malware

Abstract

The emergence of mobile platforms with increased storage and computing capabilities and the pervasive use of these platforms for sensitive applications such as online banking, e-commerce and the storage of sensitive information on these mobile devices have led to increasing danger associated with malware targeted at these devices. Detecting such malware presents inimitable challenges as signature-based detection techniques available today are becoming inefficient in detecting new and unknown malware. In this research, a machine learning approach for the detection of malware on Android platforms is presented. The detection system monitors and extracts features from the applications while in execution and uses them to perform in-device detection using a trained K-Nearest Neighbour classifier. Results shows high performance in the detection rate of the classifier with accuracy of 93.75%, low error rate of 6.25% and low false positive rate with ability of detecting real Android malware.