This chapter describes the proposed methodology and the steps involved in malware classification. Android malware is classified using parallel ensemble classifiers built with machine learning. The chapter presents the results obtained for both individual and parallel ensemble classifiers. The first step of classification is to separate the malicious Android Package Kit (APK) files from the combined dataset. For malware family identification and classification, only the malicious APKs are required for further processing and implementation. In the model training and evaluation phase, the dataset obtained by static feature extraction and family identification is split into two parts: one part is used to train the models and the other is used to test them. The chapter also presents the experimental setup and the tools and machine learning techniques used to carry out this process. Family classification in particular is also affected by the widespread code reuse in malware, which leads to different malware families sharing code and entire modules.
Mohd Hanafi Ahmad Hijazi, Choon Beng Tan, James Mountstephens, Yuto Lim, Kashif Nisar
Preet Singh, Taniya Hasija, KR Ramkumar
Altyeb Taha, Omar Barukab, Sharaf J. Malebary
Fariba Ghaffari, Mahdi Abadi, Asghar Tajoddin