AMD-EC: Anomaly-based Android malware detection using ensemble classifiers

Abstract

Due to significant increase in the popularity and usage of Android mobile devices, the number of malware targeting such devices has also increased dramatically. To confront with Android malware, several anomaly detection techniques have been proposed that are able to detect zero-day malware, but they often produce many false alarms that make them impractical for real-world use. In this paper, we address this problem by presenting AMD-EC, an entropy-based anomaly detection technique that uses an ensemble classifier consisting of multiple one-class classifiers to detect Android malware. Our work is motivated by the observation that combining multiple classifiers often produces higher overall classification accuracy than any individual classifier. The results of our experiments conducted on a real dataset of Android benign applications and malware samples show that AMD-EC can achieve about 99.73% detection rate, 0.81% false alarm rate, and 99.47% accuracy.