Abstract

Accurate malware detection can benefit Android users significantly considering the growing number of sophisticated malwares recently. In this paper, we propose a machine learning based malware detection methodology that identifies the subset of Android APIs that is effective as features and classifies Android apps as benign or malicious apps. The proposed methodology first constructs two ranked lists of popular Android APIs. One is benign_API_list that contains the top popular APIs commonly used in benign apps, and the other malicious_API_list that contains the top popular APIs commonly used in malicious apps. We observe that the set of APIs in benign_API_list is quite different from the set of APIs in malicious_API_list. We apply Random Forest classifier on a dataset of 60,243 apps by using each list as the features of the classifier. To evaluate the proposed methodology, we build top50_benign_API_list and top50_malicious_API_list by only selecting the first 50 APIs in each ranked list. Our evaluation shows that the Random Forest classifier with top50_benign_API_list is more accurate than the one with top50_malicious_API_list. The Random Forest classifier with top50_benign_API_list can achieve high accuracy of 99.98%.