Towards a Network-Based Framework for Android Malware Detection and Characterization

Mobile malware is so pernicious and on the rise, accordingly having a fast and reliable detection system is necessary for the users. In this research, a new detection and characterization system for detecting meaningful deviations in the network behavior of a smart-phone application is proposed. The main goal of the proposed system is to protect mobile device users and cellular infrastructure companies from malicious applications with just 9 traffic feature measurements. The proposed system is not only able to detect the malicious or masquerading apps, but can also identify them as general malware or specific malware (i.e. adware) on a mobile device. The proposed method showed the average accuracy (91.41%), precision (91.24%), and false positive (0.085) for five classifiers namely; Random Forest (RF), K-Nearest Neighbor (KNN), Decision Tree (DT), Random Tree (RT) and Regression (R). We also offer a labeled dataset of mobile malware traffic with 1900 applications includes benign and 12 different families of both adware and general malware.