CRAI Dec 12, 2017

Android Malware Characterization using Metadata and Machine Learning Techniques

arXiv:1712.04402v1, 30 citations
Originality: Incremental advance
AI Analysis

This work addresses malware detection for Android users by proposing an incremental approach using publicly available metadata to improve efficiency.

The study tackled Android malware detection by analyzing indirect features and metadata instead of inherent app characteristics, finding that features like developer and certificate issuer are more relevant than permissions, and that compact classifiers can enable early detection before code inspection.

Android malware has emerged as a consequence of the increasing popularity of smartphones and tablets. While most previous work focuses on inherent characteristics of Android apps to detect malware, this study analyses indirect features and metadata to identify patterns in malware applications. Our experiments show that: (1) the permissions used by an application offer only moderate performance results; (2) other features publicly available at Android Markets are more relevant in detecting malware, such as the application developer and certificate issuer; and (3) compact and efficient classifiers can be constructed for the early detection of malware applications prior to code inspection or sandboxing.
