MRDroid: A Multi-act Classification Model for Android Malware Risk Assessment

Risk Score (RS) on Android is aiming at offering measurement to users for evaluating the apps' trustworthiness. Much work has been done to assess Android app's risk, but few jobs use various assessment systems to analyze Android apps with various malicious acts. However, it is hard for a single system to analyze those multiple categories Android apps. To overcome such limitations, we propose a multi-act classification model MRDroid for Android malware risk assessment in this paper, which presorts an app to one category, then uses the most suitable subsystem corresponding to that category to analyze the app for giving a RS. Base on this model, we implement an Android malware risk assessment system utilizing a machine learning solution with k-means algorithm for clustering benign and malware samples to various categories and the supervised algorithms for generating specific subsystems. It can be also used for Android malware detection under the condition of human confirmation. Experiments show that MRDroid provides high detection precision and offers stable and reliable risk assessment. Though testing our system using the dataset different from the system used, the result indicates it is also effective in detecting some unknown samples.