A Novel Dynamic Android Malware Detection System With Ensemble Learning

With the popularity of Android smartphones, malicious applications targeted Android platform have explosively increased. Proposing effective Android malware detection method for preventing the spread of malware has become an emerging issue. Various features extracted through static and dynamic analysis in conjunction with machine learning algorithm have been the mainstream in large-scale malware identification. In general, static analysis becomes invalid in detecting applications which adopt sophisticated obfuscation techniques like encryption or dynamic code loading. However, dynamic analysis is suitable to deal with these evasion techniques. In this paper, we propose an effective dynamic analysis framework, called EnDroid, in the aim of implementing highly precise malware detection based on multiple types of dynamic behavior features. These features cover system-level behavior trace and common application-level malicious behaviors like personal information stealing, premium service subscription, and malicious service communication. In addition, EnDroid adopts feature selection algorithm to remove noisy or irrelevant features and extracts critical behavior features. Extracting behavior features through runtime monitor, EnDroid is able to distinguish malicious from benign applications with ensemble learning algorithm. Through experiments, we prove the effectiveness of EnDroid on two datasets. Furthermore, we find Stacking achieves the best classification performance and is promising in Android malware detection.