An investigation of the classifiers to detect android malicious apps

TL;DR

This paper evaluates five classifiers using opcode occurrence features to detect Android malicious apps, finding Random Forest achieves the highest malware detection rate and overall accuracy.

Contribution

It investigates the effectiveness of different classifiers based on opcode features for Android malware detection, highlighting the superior performance of Random Forest.

Findings

Random Forest has the highest malware detection rate of 99.91%.

FT classifier achieves the best detection accuracy of 79.27%.

Overall accuracy is mainly influenced by false positives.

Abstract

Android devices are growing exponentially and are connected through the internet accessing billion of online websites. The popularity of these devices encourages malware developer to penetrate the market with malicious apps to annoy and disrupt the victim. Although, for the detection of malicious apps different approaches are discussed. However, proposed approaches are not suffice to detect the advanced malware to limit/prevent the damages. In this, very few approaches are based on opcode occurrence to classify the malicious apps. Therefore, this paper investigates the five classifiers using opcodes occurrence as the prominent features for the detection of malicious apps. For the analysis, we use WEKA tool and found that FT detection accuracy (79.27%) is best among the investigated classifiers. However, true positives rate i.e. malware detection rate is highest (99.91%) by RF and fluctuate least with the different number of prominent features compared to other studied classifiers. The analysis shows that overall accuracy is majorly affected by the false positives of the classifier.