Ultra-lightweight Malware Detection of Android Using 2-level Machine Learning

As Android becoming the most popular smart phone operating system, malicious applications running on the Android platform appears very frequently and poses the major threat to the security of Android. Considering the resources of smart phone are severely limited, a stable, simple and quick malware detection method for Android is indispensable. In this paper, we propose an ultra-lightweight malware detection method which is able to detect unknown malicious Android applications with limited resources. Firstly, a few features are extracted and divided into three sets for every application. Then, these three feature sets are embedded in the corresponding joint vector spaces and we can get apps's feature vectors. After that, feature vectors of every vector space are classified using a machine learning algorithm. Finally, the three classification results are considered as a group and embedded in a new space and classified again. We evaluate our detection with 3427 malicious samples and 1550 benign applications. Experimental results show that our detection approach has a stable performance that the detection accuracy (true-positive rate) is always higher than 98% and the detection procedure costs only 30ms per sample.