A Comparative Analysis of Android Malware
This addresses malware detection for Android users, but is incremental as it applies existing machine learning methods to this domain.
The paper tackled Android malware detection and classification by analyzing permissions as static features, finding that careful feature engineering significantly reduces the number of features needed for highly accurate results.
In this paper, we present a comparative analysis of benign and malicious Android applications, based on static features. In particular, we focus our attention on the permissions requested by an application. We consider both binary classification of malware versus benign, as well as the multiclass problem, where we classify malware samples into their respective families. Our experiments are based on substantial malware datasets and we employ a wide variety of machine learning techniques, including decision trees and random forests, support vector machines, logistic model trees, AdaBoost, and artificial neural networks. We find that permissions are a strong feature and that by careful feature engineering, we can significantly reduce the number of features needed for highly accurate detection and classification.