Metadata-based Malware Detection on Android using Machine Learning

TL;DR

This paper explores using machine learning, particularly neural networks, to detect malicious Android apps based on app permissions metadata, achieving nearly 93% accuracy, addressing security challenges in mobile environments.

Contribution

It introduces a neural network-based approach utilizing app permissions metadata for malware detection on Android, with a new extensive dataset and optimized model evaluation.

Findings

Neural network model achieved 92.93% accuracy.

Permissions metadata effectively distinguish malicious from benign apps.

The approach enhances malware detection without needing app content access.

Abstract

In the digitized world, smartphones and their apps play an important role. To name just a few examples, some apps offer possibilities for entertainment, others for online banking, and others offer support for two-factor authentication. Therefore, with smartphones also, sensitive information is shared; thus, they are a desirable target for malware. The following technical report gives an overview of how machine learning, especially neural networks, can be employed to detect malicious Android apps based on their metadata. Detection based on the metadata is necessary since not all of an app's information is readable from another app due to the security layout of Android. To do so, a comparable big dataset of metadata of apps has been collected for learning and evaluation in this work. The first section, after the introduction, presents the related work, followed by the description of the sources of the dataset and the selection of the features used for machine learning, in this case, only the app permissions. Afterward, a free available dataset is used to find an efficient and effective neural network model for learning and evaluation. Here, the fully connected network type consisting of dense layers is chosen. Then this model is trained and evaluated on the new, more extensive dataset to obtain a representative result. It turns out that this model detects malware with an accuracy of 92.93% based on an app's permissions.