Cascade Learning for Mobile Malware Families Detection through Quality and Android Metrics

2019 
Considering the increasing diffusion of mobile devices, attackers have started to explore the possibility of perpetrating attacks on mobile surfaces (i.e., smartphones and tablets). Unfortunately, common antimalware techniques, which mainly adopt a signature-based approach, are often ineffective at detecting new threats. In this paper we propose a set of features with the aim of discriminating between malware and trusted mobile applications: in detail, we design a cascade learner where the first classifier of the cascade performs a coarse-grained analysis (it discriminates between malware and legitimate apps), while the second one performs a fine-grained analysis (it aims to identify the malware family). We obtain a precision of 0.947 and a recall of 0.962 in legitimate sample identification, and a precision of 0.961 and a recall of 0.946 in malware detection. With regard to family identification, an average precision and recall of 0.961 is obtained across 12 malware families.