AdDroid: Rule-Based Machine Learning Framework for Android Malware Analysis

Recent years have witnessed huge growth in Android malware development. Colossal reliance on Android applications for day to day working and their massive development dictates for an automated mechanism to distinguish malicious applications from benign ones. A significant amount of research has been devoted to analyzing and mitigating this growing problem; however, attackers are using more complicated techniques to evade detection. This paper proposes a framework, AdDroid; for analyzing and detecting malicious behaviour in Android applications based on various combinations of artefacts called Rules. The artefacts represent actions of an Android application such as connecting to the Internet, uploading a file to a remote server or installing another package on the device etc. AdDroid employs an ensemble-based machine learning technique where Adaboost is combined with traditional classifiers in order to train a model founded on static analysis of Android applications that is capable of recognizing malicious applications. Feature selection and extraction techniques are used to get the most distinguishing Rules. The proposed model is created using a dataset comprising 1420 Android applications with 910 malicious and 510 benign applications. Our proposed system achieved an accuracy of 99.11% with 98.61% True Positive (TP) and 99.33% True Negative (TN) rate. The high TP and TN rates reflect the efficacy on both major and minor class. Since the proposed solution has exceptionally low computational complexity, therefore, making it possible to analyze applications in real-time.