DroidDet: Effective and robust detection of android malware using static analysis along with rotation forest model

The Android platform is becoming increasingly popular and various organizations have developed a variety of applications (App) to cater to market trends. Due to the characteristics of the Android platform, such as supporting the unofficial App stores, open source policy and the great tolerance for App verification, it is inevitable that it faces serious problems of malicious software intrusion. In order to protect the users from the serious damages caused by Android malware, we propose a low-cost and high-efficient method to extract permissions, sensitive APIs, monitoring system events and permission-rate as key features, and employ the ensemble Rotation Forest (RF) to construct a model to detect whether an Android App is malicious or not. Specifically, a dataset containing 2,130 samples is used to verify the performance of the proposed method. The experimental results show that the proposed method achieves an high accuracy of 88.26% with 88.40% sensitivity at the precision of 88.16%. To further evaluate the performance of the proposed model, we also compare it with the state-of-the-art Support Vector Machine (SVM) model under the same experimental conditions, and the comparison results demonstrate that the proposed method improves the accuracy by 3.33% compared to SVM. The experimental results show that the proposed model is extremely promising and could provide a cost-effective alternative for Android malware detection.