|Student Name:||John Guptill, 1LT|
|Thesis:||Examining Application Components to Reveal Android Malware|
|Location:||Bldg 640, Room 247|
|Date & Time:||02/25/2013 at 0900|
|Abstract:|| Smartphones are becoming ubiquitous in everyday life and malware is exploiting these devices. Therefore, a means to identify the threats of malicious Applications is necessary. This paper presents a method to classify and analyze Android malware through application component analysis. The experiment parses select portions from Android packages to collect features using byte sequences and permissions of the application. Multiple machine learning algorithms classify the samples of malware based on these features. The experiment utilizes instance based learner, naïve Bayes, decision trees, sequential minimal optimization, boosted naïve Bayes, and boosted decision trees to identify the best components that reveal malware characteristics. The best case classifies malicious applications with an accuracy of 99.24% and an area under curve of 0.9890 utilizing boosted decision trees. This method does not require scanning the entire application and provides high true positive rates. This thesis investigates the components to provide malware classification.