Machine learning spots malicious Android apps by examining what permissions they request
This paper presents a machine learning approach to detect malicious Android applications through APK permission analysis. It evaluates multiple classifiers including Random Forest, SVM, LDA, and Light GBM, demonstrating that Random Forest achieves superior performance with 99.11% accuracy in identifying malware.
-----
https://arxiv.org/abs/2412.03894
🔍 Original Problem:
→ Android's open-source nature makes it a frequent malware target, with over 970 million malware samples currently circulating
→ Traditional antivirus tools only detect known threats, leaving systems exposed to new malware
-----
🛠️ Solution in this Paper:
→ The system analyzes APK permissions and Binder API features to detect malicious behavior
→ It implements four machine learning classifiers: Support Vector Machines, Random Forest, Linear Discriminant Analysis, and Light GBM
→ The Random Forest classifier uses 140 trees with a maximum depth of 22, hyperparameters selected through GridSearchCV
-----
💡 Key Insights:
→ Permission-based features provide reliable indicators of malicious behavior
→ Random Forest's random selection of candidate features at each split reduces its sensitivity to noisy features
→ Real-time monitoring remains challenging despite high accuracy
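Added example (not code from the paper or its authors) covering the permission-feature step in the Solution section and the random feature selection noted above: it parses constructed AndroidManifest.xml snippets into binary permission vectors and picks the lowest-Gini split among a given candidate subset, as one node of a Random Forest tree would. The manifests, labels and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Sequence, Tuple

NS_URI = "http://schemas.android.com/apk/res/android"
ANDROID_NS = "{" + NS_URI + "}"  # Clark notation ElementTree uses for android:* attributes

def manifest(*perms: str) -> str:
    """Minimal constructed manifest requesting the given android.permission.* names."""
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return f'<manifest xmlns:android="{NS_URI}">{uses}</manifest>'

# Constructed samples with hypothetical labels: 1 = malicious, 0 = benign.
SAMPLES: Dict[str, Tuple[str, int]] = {
    "notes": (manifest("INTERNET"), 0),
    "weather": (manifest("INTERNET", "ACCESS_FINE_LOCATION"), 0),
    "mal_a": (manifest("INTERNET", "SEND_SMS", "READ_CONTACTS"), 1),
    "mal_b": (manifest("SEND_SMS", "RECEIVE_BOOT_COMPLETED"), 1),
}

def extract_permissions(manifest_xml: str) -> List[str]:
    """Sorted set of permission names requested via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return sorted({el.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission")})

def vectorize(perms: Sequence[str], vocab: Sequence[str]) -> List[int]:
    """One binary feature per vocabulary permission: 1 if requested, else 0."""
    requested = set(perms)
    return [1 if p in requested else 0 for p in vocab]

def build_dataset(samples: Dict[str, Tuple[str, int]]):
    """Vocabulary (sorted union of all permissions), binary feature rows X, labels y."""
    perm_lists = [extract_permissions(xml) for xml, _ in samples.values()]
    vocab = sorted(set().union(*perm_lists))
    return vocab, [vectorize(p, vocab) for p in perm_lists], [lab for _, lab in samples.values()]

def gini(labels: Sequence[int]) -> float:
    """Gini impurity of a binary label multiset (0.0 = pure node)."""
    p = sum(labels) / len(labels) if labels else 0.0
    return 2 * p * (1 - p)

def best_split(X: Sequence[Sequence[int]], y: Sequence[int], candidates: Sequence[int]) -> Tuple[int, float]:
    """Candidate feature whose absent/present split minimises weighted Gini impurity.
    Passing a random subset as `candidates` is the per-node feature sampling of a Random Forest."""
    best = (candidates[0], float("inf"))
    for f in candidates:
        groups = [[lab for row, lab in zip(X, y) if row[f] == v] for v in (0, 1)]  # absent / present
        score = sum(len(g) * gini(g) for g in groups) / len(y)
        if score < best[1]:
            best = (f, score)
    return best
```

Passing `random.sample(range(len(vocab)), k)` as `candidates` reproduces the per-node feature restriction; on these constructed samples the full candidate set splits cleanly on SEND_SMS, while a subset without it must settle for an impure split.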
-----
📊 Results:
→ Random Forest achieved 99.11% accuracy, 99.53% recall, 99.88% precision
→ Light GBM showed 97.76% accuracy with 98% recall and precision
→ SVM and LDA performed lower at 93.81% and 95.05% accuracy respectively