Malware Detection in Android Phones

The smartphone has rapidly become an extremely prevalent computing platform, with just over 115 million devices sold in the third quarter of 2011, a 15% increase over the 100 million devices sold in the first quarter of 2011, and a 111% increase over the 54 million devices sold in the first quarter of 2010. Android in particular has seen even more impressive growth, with the devices sold in the third quarter of 2011 (60.5 million) almost triple the devices sold in the third quarter of 2010 (20.5 million), and an associated doubling of market share. This popularity has not gone unnoticed by malware authors. Despite the rapid growth of the Android platform, there are already well-documented cases of Android malware, such as DroidDream, which was discovered in over 50 applications on the official Android market in March 2011. Furthermore, it is found that Android’s built-in security features are largely insufficient, and that even non malicious programs can (unintentionally) expose confidential information. A study of 204,040 Android applications conducted in 2011 found 211 malicious applications on the official Android market and alternative marketplaces.

The problem of using a machine learning-based classifier to detect malware presents the challenge: Given an application, we must extract some sort of feature representation of the application. To address this problem, we extract a heterogeneous feature set, and process each feature independently using multiple kernels.We train a One-Class Support Vector Machine using the feature set we get to classify the application as a benign or malware accordingly.