R-MFDroid: Android Malware Detection using Ranked Manifest File Components

Abstract

With the increasing fame of Android OS over the past few years, the quantity of malware assaults on Android has additionally expanded. In the year 2018, around 28 million malicious applications were found on the Android platform and these malicious apps were capable of causing huge financial losses and information leakage. Such threats, caused due to these malicious apps, call for a proper detection system for Android malware. There exist some research works that aim to study static manifest components for malware detection. However, to the best of our knowledge, none of the previous research works have aimed to find the best set amongst different manifest file components for malware detection. In this work, we focus on identifying the best feature set from manifest file components (Permissions, Intents, Hardware Components, Activities, Services, Broadcast Receivers, and Content Providers) that could give better detection accuracy. We apply Information Gain to rank the manifest file components intending to find the best set of components that can better classify between malware applications and benign applications. We put forward a novel algorithm to find the best feature set by using various machine learning classifiers like SVM, XGBoost, and Random Forest along with deep learning techniques like classification using Neural networks. The experimental results highlight that the best set obtained from the proposed algorithm consisted of 25 features, i.e., 5 Permissions, 2 Intents, 9 Activities, 3 Content Providers, 4 Hardware Components, 1 Service, and 1 Broadcast Receiver. The SVM classifier gave the highest classification accuracy of 96.93% and an F1-Score of 0.97 with this best set of 25 features.