Android Malware Detection System using Genetic Programming

Nowadays, smartphones and other mobile devices are playing a significant role in the
way people engage in entertainment, communicate, network, work, and bank and shop
online. As the number of mobile phones sold has increased dramatically worldwide, so
have the security risks faced by the users, to a degree most do not realise. One of the
risks is the threat from mobile malware. In this research, we investigate how supervised
learning with evolutionary computation can be used to synthesise a system to detect
Android mobile phone attacks. The attacks include malware, ransomware and mobile
botnets. The datasets used in this research are publicly downloadable, available for use
with appropriate acknowledgement. The primary source is Drebin. We also used
ransomware and mobile botnet datasets from other Android mobile phone researchers.
The research in this thesis uses Genetic Programming (GP) to evolve programs to
distinguish malicious and non-malicious applications in Android mobile datasets. It also
demonstrates the use of GP and Multi-Objective Evolutionary Algorithms (MOEAs)
together to explore functional (detection rate) and non-functional (execution time and
power consumption) trade-offs. Our results show that malicious and non-malicious
applications can be distinguished effectively using only the permissions held by
applications recorded in the application's Android Package (APK). Such a minimalist
source of features can serve as the basis for highly efficient Android malware detection.
Non-functional tradeoffs are also highlight.