Automated Static Code Analysis for Classifying Android Applications Using Machine Learning

• Published in: 2010 International Conference on Computational Intelligence and Security pp. 329 - 333
• Main Authors: Shabtai, A, Fledel, Y, Elovici, Y
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.12.2010
• Subjects: Accuracy; Android; Classification algorithms; Feature extraction; Machine Learning; Machine learning algorithms; Malware; Mobile Devices; Mobile handsets; Security; Static analysis
• ISBN: 9781424491148; 1424491142
• DOI: 10.1109/CIS.2010.77

In this paper we apply Machine Learning (ML) techniques on static features that are extracted from Android's application files for the classification of the files. Features are extracted from Android's Java byte-code (i.e.,.dex files) and other file types such as XML-files. Our evaluation focused on classifying two types of Android applications: tools and games. Successful differentiation between games and tools is expected to provide positive indication about the ability of such methods to learn and model Android benign applications and potentially detect malware files. The results of an evaluation, performed using a test collection comprising 2,285 Android .apk files, indicate that features, extracted statically from .apk files, coupled with ML classification algorithms can provide good indication about the nature of an Android application without running the application, and may assist in detecting malicious applications. This method can be used for rapid examination of Android .apks and informing of suspicious applications.