Improved real-time permission based malware detection and clustering approach using model independent pruning
IET Information Security (IF 1.4), Pub Date: 2020-08-25, DOI: 10.1049/iet-ifs.2019.0418
Janani Thiyagarajan, A. Akash, Brindha Murugan

The popularity of Android prompts cyber-criminals to create malicious apps that can compromise the security and confidentiality of mobile systems. Analysing the permissions requested by an app is one of the methods to detect whether it is malware. However, taking all the permissions available in the Android system into account can result in a model with increased complexity. To tackle this, a malware detection system is needed that is both efficient and employable for real-time usage. In this study, a preprocessing module has been developed that comprises five different data reduction techniques to identify the minimal set of permissions. The preprocessing resulted in a ten-dimensional vector in place of 113 permissions. It is also observed that the performance of a decision tree trained with just these ten dimensions is on par with that of one trained with all 113 permissions. The proposed malware detection system achieves an accuracy of 94.3% on unknown malware samples. The system outperforms others in terms of recall, which is attributed to fewer false-negative predictions. Further, it categorises the malware samples into 45 families using a clustering approach. An Android application has also been developed using the built model for real-time usage.

Updated: 2020-08-28