Feature Engineering based on Hybrid Features for Malware Detection over Android Framework
Abstract
Android is the operating system of the modern world. Today, tech-savvy people across the world give first preference to Android devices for their personal and official use. Because of the growing use of Android devices, attackers are turning their attention toward Android applications. Given this alarming increase in Android malware attacks, there is a need to develop a defence mechanism against such attacks that is both effective and cost-effective. State-of-the-art malware detection techniques perform static, dynamic or hybrid analysis. Static analysis involves examining the source code of malware samples without executing them, whereas dynamic analysis monitors the run-time behaviour of an application during its actual execution. Static analysis is a straightforward way to analyze malware samples on the Android platform. In this research, we perform hybrid analysis using four different categories of Android application features, such as permissions, intents, and network features. We extract permissions and intents from the manifest file, while network-based features are extracted from Java files. Our results show that the greatest precision, 0.99, can be achieved by performing feature selection using the Info Gain method. From the feature selection and the results achieved with the selected features, we find that permissions are the most relevant features among all other three feature categories. We have observed that the Ensemble method performs best among all four machine learning classifiers. We have also seen that network features (IP addresses, email addresses, URLs) are relevant and effective features for malware detection in the proposed framework.
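The static part of the pipeline described in the abstract can be sketched as follows; this is an added example, not the authors' code. It assumes the manifest has already been decoded to text XML, and the feature-name prefixes, the sample manifest, the Java snippet and the labels are all constructed for illustration.

```python
import math
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NET_RES = {"net:url": re.compile(r"https?://[^\s\"'<>]+"),
           "net:ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
           "net:email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")}

def manifest_features(manifest_xml):
    """Permissions and intent actions declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)  # for untrusted samples, parse with defusedxml
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    intents = {e.get(ANDROID_NS + "name") for e in root.iter("action")}
    return {"perm:" + p for p in perms if p} | {"intent:" + i for i in intents if i}

def network_features(java_source):
    """Presence flags for URLs, IP addresses and e-mail addresses in Java source."""
    return {name for name, rx in NET_RES.items() if rx.search(java_source)}

def entropy(labels):
    n = len(labels)
    return -sum(labels.count(c) / n * math.log2(labels.count(c) / n) for c in set(labels))

def info_gain(samples, labels, feature):
    """H(label) - H(label | feature present or absent), for a binary feature."""
    gain = entropy(labels)
    for present in (True, False):
        subset = [y for x, y in zip(samples, labels) if (feature in x) == present]
        if subset:
            gain -= len(subset) / len(labels) * entropy(subset)
    return gain

def rank_features(samples, labels):
    feats = sorted(set().union(*samples))
    return sorted(((info_gain(samples, labels, f), f) for f in feats), reverse=True)

MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><receiver android:name=".Boot"><intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter></receiver></application>
</manifest>"""  # constructed sample manifest
JAVA = 'String c2 = "http://203.0.113.7/gate"; String to = "ops@example.com";'  # constructed
APP = manifest_features(MANIFEST) | network_features(JAVA)
P = "perm:android.permission."
SAMPLES = [APP, {P + "SEND_SMS", P + "INTERNET", "net:ip"},
           {P + "INTERNET", "net:url"}, {P + "INTERNET", P + "CAMERA"}]
LABELS = [1, 1, 0, 0]  # constructed labels: 1 = malware, 0 = benign
if __name__ == "__main__":
    print(rank_features(SAMPLES, LABELS)[:3])
```

On this toy set a permission requested by every app (INTERNET) scores zero gain, which is why a selection step is needed before training a classifier on raw manifest features.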
You are free to:
- Share — copy and redistribute the material in any medium or format for any purpose, even commercially.
- Adapt — remix, transform, and build upon the material for any purpose, even commercially.
- The licensor cannot revoke these freedoms as long as you follow the license terms.
Under the following terms:
- Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
- No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.
Notices:
You do not have to comply with the license for elements of the material in the public domain or where your use is permitted by an applicable exception or limitation.
No warranties are given. The license may not give you all of the permissions necessary for your intended use. For example, other rights such as publicity, privacy, or moral rights may limit how you use the material.