Date of Award

3-21-2013

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Thomas E. Dube, PhD.

Abstract

Smartphones are becoming ubiquitous in everyday life and malware is exploiting these devices. Therefore, a means to identify the threats of malicious applications is necessary. This paper presents a method to classify and analyze Android malware through application component analysis. The experiment parses select portions from Android packages to collect features using byte sequences and permissions of the application. Multiple machine learning algorithms classify the samples of malware based on these features. The experiment utilizes instance based learner, naive Bayes, decision trees, sequential minimal optimization, boosted naive Bayes, and boosted decision trees to identify the best components that reveal malware characteristics. The best case classifies malicious applications with an accuracy of 99.24% and an area under curve of 0.9890 utilizing boosted decision trees. This method does not require scanning the entire application and provides high true positive rates. This thesis investigates the components to provide malware classification.

AFIT Designator

AFIT-ENG-13-M-19

DTIC Accession Number

ADA582439
