N-opcode Analysis for Android Malware Classification and Categorization
BooJoong Kang, Suleiman Y. Yerima, Kieran McLaughlin, Sakir Sezer

TL;DR
This paper introduces an n-opcode analysis method using machine learning to automatically classify and categorize Android malware, achieving high accuracy without expert feature selection.
Contribution
It presents a novel automated feature discovery approach based on n-opcode analysis for Android malware classification and categorization.
Findings
Achieved 98% f-measure on 2520 samples
Utilized up to 10-gram opcode features
Demonstrated effectiveness without domain-specific features
Abstract
Malware detection is a growing problem, particularly on the Android mobile platform, due to its increasing popularity and accessibility to numerous third-party app markets. This has also been made worse by the increasingly sophisticated detection-avoidance techniques employed by emerging malware families. This calls for more effective techniques for detection and classification of Android malware. Hence, in this paper we present an n-opcode analysis-based approach that utilizes machine learning to classify and categorize Android malware. This approach enables automated feature discovery that eliminates the need for applying expert or domain knowledge to define the needed features. Our experiments on 2520 samples that were performed using up to 10-gram opcode features showed that an f-measure of 98% is achievable using this approach.
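As an added illustration (not code from the paper), the sketch below shows how n-opcode features can be derived from per-method Dalvik opcode sequences and used to label an app with no hand-picked features. The opcode sequences and labels are constructed, and two choices are assumptions the abstract does not specify: n-grams are kept within a method, and a 1-nearest-neighbour Jaccard match stands in for the machine learning classifier.

```python
from collections import Counter

# Constructed data: (label, methods); each method is a list of Dalvik opcode
# mnemonics with operands dropped. Labels are illustrative, not real samples.
TRAIN = [
    ("benign", [["iget-object", "invoke-virtual", "move-result-object", "return-object"],
                ["const/4", "iput", "return-void"]]),
    ("benign", [["iget-object", "invoke-virtual", "move-result", "if-eqz", "return-void"],
                ["const/4", "iput", "return-void"]]),
    ("malware", [["const-string", "invoke-static", "move-result-object", "invoke-virtual",
                  "move-result-object", "invoke-virtual", "return-void"],
                 ["new-instance", "invoke-direct", "invoke-virtual", "return-void"]]),
    ("malware", [["const-string", "invoke-static", "move-result-object", "invoke-virtual",
                  "return-void"],
                 ["new-instance", "invoke-direct", "invoke-virtual", "goto"]]),
]
UNKNOWN = [["const-string", "invoke-static", "move-result-object", "invoke-virtual",
            "move-result-object", "return-void"],
           ["const/4", "iput", "return-void"]]

def n_opcodes(method, n):
    """All contiguous opcode n-grams of one method (empty if shorter than n)."""
    return [tuple(method[i:i + n]) for i in range(len(method) - n + 1)]

def app_features(methods, n):
    """Frequency of every n-opcode in an app; n-grams never span two methods."""
    counts = Counter()
    for method in methods:
        counts.update(n_opcodes(method, n))
    return counts

def jaccard(a, b):
    """Similarity of two apps by presence or absence of each n-opcode."""
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if a | b else 0.0

def classify(methods, train, n):
    """Label of the training app whose n-opcode set is closest (assumed classifier)."""
    feats = app_features(methods, n)
    label, _ = max(train, key=lambda t: jaccard(feats, app_features(t[1], n)))
    return label

if __name__ == "__main__":
    print(len(app_features(UNKNOWN, 3)), "distinct 3-opcodes ->", classify(UNKNOWN, TRAIN, 3))
```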
