TWO LAYER ANDROID MULTISTAGE MALWARE DETECTION

Abstract

“Better be despised for too anxious apprehensions, than ruined by too confident security.” — Edmund Burke Malware instances are increasing their popularity among public. They are every now and again specified in the media and talked about by experts. This proofs that these Android malware have an undeniably major effect on our everyday lives. It raises questions like how we are ensuring our smart phones, and if this level of protection is sufficient. Without any doubt, the impact of the malware, e.g. WannaCry, which influenced the British health system by disabling certain clinics and crisis services, can be seen as a huge advance in the disastrous effect of malwares. This incident prompted either death or postponed treatment on a remarkable scale. Undoubtedly exceptional progress has been made in securing android systems in the recent years. The detection of an expanding number of vulnerabilities, added with logically shorter periods between updates, is reinforcing the reliability of android smart phones. The proposed thesis work devises malware detection system solely based on machine learning for Android smart phones and provides an extra layer of security and protection to Android based smart phones. This system inspects different features and events collected through the android applications. This system analyses these collective features and perform categorization to label the application as benign or malware with the help of different machine learning based classifiers. In this thesis work, following question is addressed: do malicious applications on Android ask for typically unexpected permissions in comparison to real applications? In view of examination of 1250 malware examples of malicious and 895 benign Android applications, we propose a two level Android malware identification strategy. In this work, Granted permissions are seen as behavioral markers and hence a machine learning classifier is manufactured on those markers. This classifier is used to consequently recognize for never seen applications which may perform unsafe behavior based on permission combinations.