Machine Learning Based Hybrid Behavior Models for Android Malware Analysis

Malware analysis on the Android platform has been an important issue as the platform became prevalent. The paper proposes a malware detection approach based on static analysis and machine learning techniques. By conducting SVM training on two different feature sets, malicious-preferred features and normal-preferred features, we built a hybrid-model classifier to improve the detection accuracy. With the consideration of normal behavior features, the ability of detecting unknown malwares can be improved. The experiments show that the accuracy is as high as 96.69% in predicting unknown applications. Further, the proposed approach can be applied to make confident decisions on labeling unknown applications. The experiment results show that the proposed hybrid model classifier can label 79.4% applications without false positive and false negative occurred in the labeling process.