Android Malware Characterization using Metadata and Machine Learning Techniques
Ignacio Martín, José Alberto Hernández, Alfonso Muñoz, Antonio Guzmán

TL;DR
This paper explores the use of app metadata and machine learning to detect Android malware effectively, emphasizing features beyond app permissions for early and efficient identification.
Contribution
It introduces a focus on indirect features like developer and certificate issuer data, demonstrating their relevance in malware detection over traditional permission-based methods.
Findings
Permissions offer moderate detection performance
Developer and certificate issuer data are more relevant features
Efficient classifiers enable early malware detection
Abstract
Android Malware has emerged as a consequence of the increasing popularity of smartphones and tablets. While most previous work focuses on inherent characteristics of Android apps to detect malware, this study analyses indirect features and meta-data to identify patterns in malware applications. Our experiments show that: (1) the permissions used by an application offer only moderate performance results; (2) other features publicly available at Android Markets are more relevant in detecting malware, such as the application developer and certificate issuer, and (3) compact and efficient classifiers can be constructed for the early detection of malware applications prior to code inspection or sandboxing.
