Android application evolution and malware detection
Android has dominated the mobile market for a few years now, and continues to increase its market share. Meanwhile, Android has seen a sharper increase in malware. It is a matter of utmost urgency to find a better way to detect Android malware. In this thesis, we use static code analysis to extract the android application security features and two different classification models to detect Android malware. Our permissions-based classification model can achieve 96.5% accuracy, 97.2% TPR and 95.5% TNR with lower overhead. Comparing with others’ work, our results increase the accuracy by 4.9%, TPR by 5.6% and TNR by 3.9%. By using multiple security metrics in the classification model, the detection rate increases to 99.3% accuracy, 99.5% TPR and 99% TNR. Moreover, we investigate Android application security evolution. The data shows that more than half applications have security vulnerabilities and/or dangerous behaviors. The security problems remain or even worse in the updated versions of most applications. Based on this result, we argue that there can be higher chance to impose update attack, where, the malware is contained in the updated version of a benign application. Our multiple-metrics based classification model is adapted to detect the update attack and can achieve similar or even better detection rate based on our initial results.