Enhanced Android Malware Detection: An SVM-based Machine Learning Approach

The cybersecurity of increasing numbers of mobile devices and their users are threatened by malicious applications. Detecting malicious Android applications is a challenge due to the massive number of Android applications and their various properties which provide a large set of features and a sparse dataset. We focus on the resources the Android applications call and employ the Application Program Interface (API) calls as features. The dataset used in this work is from an Android environment where malicious and benign applications frequently access the system resources through Android API calls. Since an Android application would invoke a relatively small number of APIs in ordinary scenarios, data in the dataset is inherently sparse and high dimensional. We experimented intensively with 58,602 Android applications as well as 133,227 features (i.e., API Calls). This paper presents a machine-learning-based approach using Support Vector Machines (SVM) to detect malicious Android applications; the new approach delivers results highly competitive with existing approaches.