In this paper, we propose a machine learning based approach to detect malicious mobile malware Android applications. Our work is able to capture instantaneous attacks that cannot be effectively detected in past work. Based on the proposed approach, we implemented a malicious app detection tool, named Androidetect. First, we analyze the relationship between system functions, sensitive permissions and sensitive APIs. The combination of system functions has been used to describe the application behaviors and construct eigenvectors. Subsequently, based on the eigenvectors, we compare the methodologies of naive Bayesian, J48 decision tree and application functions decision algorithm (AFDA) regarding effective detection of malicious Android applications. Androidetect is then applied to test sample programs and real world applications. The experimental results prove that Androidetect can better detect malicious applications of Android by using a combination of system functions compared with previous work.
- Machine learning
- Malicious applications of Android
- System function