Android Malware Detection and Classification using Stacked Machine Learning

Abstract

The widespread use of Android smartphones in daily life can be attributed to the extensive prevalence stemming from the Android OS and the availability of open-source applications. People have become accustomed to performing various tasks, such as online banking transactions, scheduling appointments, attending virtual meetings and classes, and online shopping, on their mobile devices instead of computers. However, the significant use of mobile phones also presents opportunities for attackers to access sensitive and confidential information without the user's knowledge. Intruders often use malicious applications found on the Google Play Store and other third-party app markets. The increased volume of Android malware in recent years has severely threatened human privacy and security. In this paper, we present a novel solution that utilizes a stacking ensemble machine learning approach to detect whether an application is malware or benign, which achieved 98% accuracy and F1-Score, and to identify the malware category with 96% accuracy and F1-Score. We conducted the experiment on the CCCS-CIC-AndMal-2020 dataset, which comprises 27,125 samples. Static features such as permissions, meta-data, and intents were analyzed, and the performance of standard machine learning algorithms was compared to our proposed model. Our results demonstrate that the stacked ensemble model shows promising results for malware detection (binary classification) and malware type classification (multi-class classification).