Android malware classification using static code analysis and Apriori algorithm improved with particle swarm optimization

Several machine learning techniques based on supervised learning have been adopted in the classification of malware. However, only supervised learning techniques have proofed insufficient for malware classification task. This paper presents a classification of android malware using candidate detectors generated from an unsupervised association rule of Apriori algorithm improved with particle swarm optimization to train three different supervised classifiers. In this method, features were extracted from Android applications byte-code through static code analysis, selected and were used to train supervised classifiers. Using a number of candidate detectors, the true positive rate of detecting malicious code is maximized, while the false positive rate of wrongful detection is minimized. The results of the experiments show that the proposed combined technique has remarkable benefits over the detection using only supervised or unsupervised learners.