Optimal Machine Learning Model for Detecting Normal and Malicious Android Apps

안드로이드 정상 및 악성 앱 판별을 위한 최적합 머신러닝 기법

  • Lee, Hyung-Woo (Div. of Computer Engineering, Hanshin University) ;
  • Lee, HanSeong (Dept. of Computer Engineering, Hanshin University)
  • 이형우 (한신대학교 컴퓨터공학부) ;
  • 이한성 (한신대학교 컴퓨터공학과 대학원)
  • Received : 2020.04.20
  • Accepted : 2020.06.23
  • Published : 2020.06.30


The mobile application based on the Android platform is simple to decompile, making it possible to create malicious applications similar to normal ones, and can easily distribute the created malicious apps through the Android third party app store. In this case, the Android malicious application in the smartphone causes several problems such as leakage of personal information in the device, transmission of premium SMS, and leakage of location information and call records. Therefore, it is necessary to select a optimal model that provides the best performance among the machine learning techniques that have published recently, and provide a technique to automatically identify malicious Android apps. Therefore, in this paper, after adopting the feature engineering to Android apps on official test set, a total of four performance evaluation experiments were conducted to select the machine learning model that provides the optimal performance for Android malicious app detection.


  1. Symantec. Internet Security Threat Report. Volume 23. March 2018.
  2. Victor Chebyshev. Mobile malware evolution 2019. February 25, 2020.
  3. D.H.Park, E.J.Myeong and J.B.Yun, "Efficient Detection of Android Mutant Malwares Using the DEX file", Korea Institute Of Information Security And Cryptology, Vol.26, No.4, pp.895-902, 2016.
  4. D.H.Kim, M.G.Lee, M.S.Song and S.J.Cho, "Machine Learning based Android Malware Detection using Gray Scale Images", KOREA INFORMATION SCIENCE SOCIETY, Vol.45, No.1, pp.1245-1247, 2018.
  5. Androguard.
  6. Jupyter Notebook.
  7. Jupyter Lab.
  8. Python.
  9. scikit-learn.
  10. J.W.Jang, J.S.Yun, A.Mohaisen, J.Y.Woo and H.K.Kim. "Detecting and classifying method based on similarity matching of Android malware behavior with profile.", SpringerPlus, Vol.5, No.1, pp.273, 2016.
  11. J.S.Yun, J.W.Jang, and H.K.Kim. "Andro-profiler: anti-malware system based on behavior profiling of mobile malware.", Journal of the Korea Institute of Information Security & Cryptology, Vol.24, No.1, pp.145-154, 2014.
  12. Android Documentation.
  13. S.M.Hwang and H.W.Lee, "Identification of Counterfeit Android Malware Apps using Hyperledger Fabric Blockchain," Journal of Internet Computing and Services, vol. 20, no. 2, pp. 61-68, 2019. DOI: 10.7472/jksii.2019.20.2.61.
  14. H.S.Lee and H.W.Lee, "Consortium Blockchain based Forgery Android APK Discrimination DApp using Hyperledger Composer," Journal of Internet Computing and Services, vol. 20, no. 5, pp. 9-18, 2019. DOI: 10.7472/jksii.2019.20.5.9.
  15. K.W.Bae, K.H.Lee, "Security of Database Based On Hybrid Blockchain," Journal of The Korea Internet of Things Society, Vol.6, No.1, pp.9-15, 2020.