Ensemble Machine Learning Approach for Android Malware Classification Using Hybrid Features

Pektas A., ACARMAN T.

10th International Conference on Computer Recognition Systems (CORES), Polanica Zdroj, Poland, 22 - 24 May 2017, vol.578, pp.191-200 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Volume: 578
  • Doi Number: 10.1007/978-3-319-59162-9_20
  • City: Polanica Zdroj
  • Country: Poland
  • Page Numbers: pp.191-200
  • Keywords: Malware, Classification, Feature, Ensemble machine learning


Feature-based learning plays a crucial role at building and sustaining the security. Determination of a software based on its extracted features whether a benign or malign process, and particularly classification into a correct malware family improves the security of the operating system and protects critical user's information. In this paper, we present a novel hybrid feature-based classification system for Android malware samples. Static features such as permissions requested by mobile applications, hidden payload, and dynamic features such as API calls, installed services, network connections are extracted for classification. We apply machine learning and evaluate the level in classification accuracy of different classifiers by extracting Android malware features using a fairly large set of 3339 samples belonging to 20 malware families. The evaluation study has been scalable with 5 guest machines and took 8 days of processing. The testing accuracy is reached at 92%.