Manilyzer: Automated Android Malware Detection through Manifest Analysis

As the world's most popular mobile operating system, Google's Android OS is the principal target of an ever increasing mobile malware threat. To counter this emerging menace, many malware detection techniques have been proposed. A key aspect of many static detection techniques is their reliance on the permissions requested in the AndroidManifest.xml file. Although these permissions are very important, the manifest also contains additional information that can be valuable in identifying malware, which, however, has not been fully utilized by existing studies. In this paper we present Manilyzer, a system that exploits the rich information in the manifest files, produces feature vectors automatically, and uses state-of-the-art machine learning algorithms to classify applications as malicious or benign. We apply Manilyzer to 617 applications (307 malicious, 310 benign) and find that it is very effective: the accuracy is up to 90%, while the false positives and false negatives are both around 10%. In addition to classifying applications, Manilyzer is used to study the trends of permission requests in malicious applications. Through this evaluation and further analysis, it is clear that malware has evolved over time, and not all malware can be detected through static analysis of manifest files. To address this issue, we briefly explore a dynamic analysis technique that monitors network traffic using a packet sniffer.