Saturday, May 28, 2022

A Machine Learning Malware Analysis Framework For Android Apps




DroidDetective is a Python tool for analysing Android applications (APKs) for potential malware related behaviour and configurations. When provided with a path to an application (APK file), DroidDetective will make a prediction (using its ML model) of whether the application is malicious. Features and qualities of DroidDetective include:

  • Analysing which of ~330 permissions are specified in the application's AndroidManifest.xml file.
  • Analysing the number of standard and proprietary permissions in use in the application's AndroidManifest.xml file.
  • Using a RandomForest machine learning classifier, trained off the above data, from ~14 malware families and ~100 Google Play Store applications.

Installation

All DroidDetective dependencies can be installed manually or via the requirements file, with

pip install -r REQUIREMENTS.txt

DroidDetective has been tested on both Windows 10 and Ubuntu 18.0 LTS.

Usage

DroidDetective can be run by providing the Python file with an APK as a command line parameter, such as:

python DroidDetective.py myAndroidApp.apk

If an apk_malware.model file is not present, the tooling will first train the model and will require a training set of APKs in both a folder at the root of the project called malware and another called normal. Once run successfully, a result will be printed to the CLI stating whether the model has identified the APK as malicious or benign. An example of this output can be seen below:

>> Analysed file 'com.android.camera2.apk', recognized as not malware.

An additional parameter can be provided to DroidDetective.py as a JSON file to save the results to. If this JSON file already exists, the results of this run will be appended to it.

python DroidDetective.py myAndroidApp.apk output.json

An example of this output JSON is as follows:

{
    "com.android.camera2": false
}

DroidDetective is a Python tool for analyzing Android applications (APKs) for potential malware related behaviour. This works by training a Random Forest classifier on information derived from both known malware APKs and standard APKs available on the Android app store. This tooling comes pre-trained; however, the model can be re-trained on a new dataset at any time.

This model currently uses permissions from an APK's AndroidManifest.xml file as a feature set. This works by creating a dictionary of each standard Android permission and setting the feature to 1 if the permission is present in the APK. Similarly, a feature is added for the number of permissions in use in the manifest and for the number of unidentified permissions found in the manifest.
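The feature construction described above, as an added example that is not DroidDetective's own code. It assumes a manifest already decoded to text XML, a six-permission stand-in for the ~330 standard permissions, and hypothetical feature names num_permissions and num_unidentified_permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: short illustrative subset; the tool tracks ~330 standard permissions.
STANDARD_PERMISSIONS = [
    "android.permission.INTERNET",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.CAMERA",
    "android.permission.RECEIVE_BOOT_COMPLETED",
]

# Constructed sample: decoded text manifest (inside an APK it is binary XML).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="com.example.sample.permission.CUSTOM"/>
    <uses-permission-sdk-23 android:name="android.permission.CAMERA"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the de-duplicated set of permission names the manifest requests."""
    # For untrusted manifests, prefer a hardened parser such as defusedxml.
    root = ET.fromstring(manifest_xml)
    names = set()
    # Counting uses-permission-sdk-23 as well is a choice made for this example.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def build_features(manifest_xml, standard=STANDARD_PERMISSIONS):
    """One 0/1 feature per standard permission, plus the two count features."""
    requested = requested_permissions(manifest_xml)
    features = {perm: int(perm in requested) for perm in standard}
    features["num_permissions"] = len(requested)
    features["num_unidentified_permissions"] = len(requested - set(standard))
    return features

if __name__ == "__main__":
    print(build_features(SAMPLE_MANIFEST))
```

The resulting dictionary has a fixed key order, so its values can be passed as one row to a classifier trained on rows built the same way.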

The pre-trained model was trained off approximately 14 malware families (each with a number of APK files), located from ashisdb's repository, and approximately 100 normal applications located from the Google Play Store.

The below denotes the statistics for this ML model:

Accuracy: 0.9310344827586207
Recall: 0.9166666666666666
Precision: 0.9166666666666666
F-Measure: 0.9166666666666666

The top 10 highest weighted features (i.e. Android permissions) used by this model, for identifying malware, can be seen below:


