Adapting Text Categorization for Manifest based Android Malware Detection

Onder Coban, Selma Ayse Ozel


There are mainly three different approaches to detect malwares: i) static, ii) dynamic, and iii) hybrid. Static approach uses static source of the program without executing it. Dynamic approach, on the other hand, executes the program in a controlled environment and obtains information from operating system during runtime. Hybrid approach, as its name implies, is the combination of these two approaches. Although static approach may seem to have some disadvantages, it is highly preferred because of its lower cost. In this paper, we assume that obfuscated malware is processed by dynamic analysis and perform static malware detection based on text categorization methods. To reach our goal, we apply text mining techniques like feature extraction by using bag-of-words, n-grams, etc. from \texttt{manifest content} of programs to investigate the effectiveness of the malware detection. Our experimental results revealed that our approach is capable of detecting malicious applications with an accuracy between 94.0% and 99.3%.


Android, malware detection, text categorization, machine learning

Full Text:




  • There are currently no refbacks.