NATICUSdroid: A malware detection framework for Android using native and custom permissions
Journal of Information Security and Applications (IF 5.6), Pub Date: 2021-01-13, DOI: 10.1016/j.jisa.2020.102696
Akshay Mathur, Laxmi Mounika Podila, Keyur Kulkarni, Quamar Niyaz, Ahmad Y. Javaid

The rapid growth of Android apps and Android's worldwide popularity in the smartphone market have made it an easy and accessible target for malware. In the past few years, the Android operating system (AOS) has been updated several times to fix various vulnerabilities. Unfortunately, malware apps have also upgraded and adapted to this evolution. The ever-increasing number of native AOS permissions and developers’ ability to create custom permissions provide plenty of options to gain control over devices and private data. Therefore, newly created permissions could be of great importance in detecting current malware. Previous popular works on malware detection used apps collected during 2010–2012 to propose malware detection and classification methods. A majority of the permissions used in those apps are no longer as widely used or do not exist anymore. In this work, we present a novel malware detection framework for Android called NATICUSdroid, which investigates and classifies benign apps and malware using statistically selected native and custom Android permissions as features for various machine learning (ML) classifiers. We analyze declared permissions in more than 29,000 benign and malware apps collected during 2010–2019 to identify the most significant permissions based on the trend. Subsequently, we collect these identified permissions, which include both native and custom permissions. Finally, we use feature selection techniques and evaluate eight ML algorithms for NATICUSdroid to distinguish benign apps from malware. Experimental results show that the Random Forest classifier-based model performed best, with an accuracy of 97%, a false-positive rate of 3.32%, and an f-measure of 0.96.




Updated: 2021-01-13