Two Phase Static Analysis Technique for Android Malware Detection

Abstract

The growing popularity of Android based smart phones has greatly fuelled the spread of android malware. Further, these malwares are evolving rapidly to escape from traditional signature-based detection methods. Hence, there is a serious need to develop effective android malware detection techniques. In this paper, we propose two phase static android malware analysis scheme using bloom filters. The Phase I involves two different bloom filters that classify a given sample into malware or benign class based on permission feature set only. The evaded malicious samples from Phase I are further analyzed by Phase II consisting Naïve Bayes Classifier using permission and code based mixed feature set. Inclusion of Phase I classification makes the technique computationally less intensive; while addition of the Phase II classification improves the overall accuracy of the proposed model. Experimental results indicate both detection accuracy and computational efficiency of the proposed technique.