Android malware detection using multi-stage classification models

Abstract

Android malware is a growing threat to the Android operating system. Various anti-virus tools are developed to detect Android malware. Most of these tools use Machine Learning (ML) algorithms. ML-based methods are robust and can detect future threats. However, we cannot directly deploy these resource-intensive tools on smartphones as smartphones have a limited amount of resources. In this paper, we propose two multi-stage classification models for the classification of Android malware. The first model is a combination of logistic regression and linear Support Vector Machine (SVM). We use a combination of logistic regression, K-means clustering, and linear SVM for the second model. We divide each model into two stages. The first stage involves the training of the classification model. The second stage consists of a decision function that classifies a given app as benign or malware. The proposed classification models can detect both Android malware and colluding app-pairs. Android application-collusion is a special kind of threat. The proposed classification models are low compute-intensive and straightforward to implement.