On the effectiveness of application characteristics in the automatic classification of malware on smartphones

Abstract

The increase in smartphone usage is providing impetus to malicious actors to target these devices via malware injection. This can be seen in the increasing number of malware identified in the past few years. Android, being the most commonly used platform and one that provides an open architecture, makes it the most common target for malware developers. One possible method to identify malicious code is to use the characteristics of an application such as permissions to identify an application's disposition. This paper describes a method for using application characteristics to classify sample applications as either benign or malware. Both binary and familial classification of malware samples is performed to determine whether each sample is malware or not (i.e., binary classification) and what is the familial provenance of the malware sample (i.e. familial classification). The results compare the effectiveness of the familial classification of three different commercial anti-virus engine taxonomies.