AndroMalPack: Enhancing the ML-based Malware Classification by Detection and Removal of Repacked Apps for Android Systems

Husnain Rafiq*, Nauman Aslam, Muhammad Aleem, Biju Issac, Rizwan Hamid Randhawa

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

Abstract

Due to the widespread usage of Android smartphones in the present era, Android malware has become a grave security concern. The research community relies on publicly available datasets to keep pace with evolving malware. However, a plethora of apps in those datasets are mere clones of previously identified malware. The reason is that instead of creating novel versions, malware authors generally repack existing malicious applications to create malware clones with minimal effort and expense. This paper investigates three benchmark Android malware datasets to quantify repacked malware using package names-based similarity. We consider 5560 apps from the Drebin dataset, 24,533 apps from the AMD and 695,470 apps from the AndroZoo dataset for analysis. Our analysis reveals that 52.3% apps in Drebin, 29.8% apps in the AMD and 42.3% apps in the AndroZoo dataset are repacked malware. Furthermore, we present AndroMalPack, an Android malware detector trained on clones-free datasets and optimized using Nature-inspired algorithms. Although trained on a reduced version of datasets, AndroMalPack classifies novel and repacked malware with a remarkable detection accuracy of up to 98.2% and meagre false-positive rates. Finally, we publish a dataset of cloned apps in Drebin, AMD, and AndrooZoo to foster research in the repacked malware analysis domain.
Original languageEnglish
Article number19534
Number of pages18
JournalScientific Reports
Volume12
Issue number1
DOIs
Publication statusPublished - 14 Nov 2022

Fingerprint

Dive into the research topics of 'AndroMalPack: Enhancing the ML-based Malware Classification by Detection and Removal of Repacked Apps for Android Systems'. Together they form a unique fingerprint.

Cite this