In the past few years, smartphones popularity has grown exponentially. This has led to the equivalent growth in their related attacks and vulnerability exploitations. Especially, Android, one of the prominent smartphone operating system has contributed to the highest market share since its release in 2008. It is reported that malwares targeting Google’s Android platform has increased nearly six-fold in the third quarter of 2012.
In this thesis project, we propose Sandroid; a malware detection and classification framework based on support vector machines (SVM) using extracted features from the AndroidManifest file. The SVM vector construction uses distinct features such as sets of critical permissions requested, the number of total permissions and the risk weight calculated through the combination of permissions in an application. Our implementation results for 3197 benign apps collected from Google Play and 372 malware apps from different sources show that Sandroid achieves 98% detection accuracy, greater than any existing methods.
