Fine-grained risk level Quantication schemes based on APK metadata

Abstract

The number of security incidents faced by Android users is growing, along with a surge in malware targeting Android terminals. Such malware arrives at the Android terminals in the form of Android Packages (APKs). Various techniques for protecting Android users from such malware have been reported, but most of them have focused on the APK files themselves. Unlike these approaches, we use Web information obtained from online APK markets to improve the accuracy of malware detection. In this paper, we propose category/cluster-based APK analysis schemes that quantify the risk of an APK. The category-based scheme uses category information available on the Web, whereas the clusterbased method uses APK descriptions to generate clusters of APK files. In this paper, the performance of the proposed schemes is verified by comparing their area under the curve values with that of a conventional scheme; moreover, the usability of Web information for the purpose of better quantifying the risks of APK files is confirmed.