ANDROID MALWARE DETECTION USING NEURAL NETWORKS WITH NEAT

Abstract

The Google's Android mobile platform is today's one of the most popular operating system of the smartphones in the market with the shipment of over 1 billion android device in the year 2016, so with the increasing popularity naturally cyber criminal has extended their vicious activities towards Android Operating system. Security researchers had reported the alarming increase in the Android malware detection in 2015. Everyday 700 new applications are released for android platform, so there is the need for a some way of an automated analysis to detect and isolate new malware instantly. Google provides android as the linux based open source mobile operating system platform to the developer which allows them to take full advantage of operating system and to develop system level application but on the other side it is a suitable prone for some users to develop malicious application so that they can be inserted as a safe application in the Google Play Store[1] or over web for their vicious bene ts. The increasing popularity of this android platform is making it a primary target for privacy and security violations. Con dential and highly sensitive data such a text message, contacts, reminder data etc can be accessed through the application and can be leaked through maliciously crafted application. As well as hardware sensors such as GPS can also be privacy concerns by exploiting its data for tracking and monitoring of a person's location. Android security model is based on the permission system, there are over 300 permissions that controls the various resources. Whenever a user tries to install an application the system ask the user to grant the permission of resouces needed by the application which it will be accessing. In this work we use the permission and API calls from the android apps to be used as the features for machine learning methods such as decision tree, Support Vector Machines and Neural Networks. We learn these classi er to identify wether an application is malicious or benign. The inherent advantage of this that there no dynamical tracing of the system by execution of application rather it uses simple static analysis to nd the functions involved with the application. Secondly we have used the NEAT algorithm to develop and evolute the best topology of neural network and achieved the good detection rate of 95% with standard deviation of 0.299% with the ideal structure of neural networks which provides faster processing during the detection. As well we have used the Androguard[2] and APK Tool [3] to extract the permission and API from the APK[4] package to use it as feature set to test wether the application is malware or benign and used the dataset from Kaggle[5] to train our classi ers.