FGFDect: A Fine-Grained Features Classification Model for Android Malware Detection.

In Android malware detection, fine-grained features can provide a more accurate description of the application’s behavior. Nonetheless fine-grained feature extraction has not been done perfectly, hence, invalid features will not only bring additional overhead but also reduce the detection accuracy. In this paper, we propose FGFDect, a malware classification model by mining Android applications for fine-grained features. Our work aims to handle two types of features that frequently appear in Android malware. One of them refers to the permissions that have been registered, but actually not been used. The other is the API called via the reflection mechanism. This information improves the precision of static analysis, which no longer need to make conservative assumptions about coarse-grained features. These two feature sets are fed into the machine learning algorithms to classify the app into benign or malware. FGFDect is evaluated on a large real-world data set consisting of 6400 malware apps and 4600 popular benign apps. Compared with those traditional approaches with coarse-grained features, extensive evaluation results demonstrate that the proposed approach exhibits an impressive detection accuracy of 96.7% with the false positive rate of 0.7%. In addition, the proposed approach complements existing permission-based approaches and API-based approaches.