Android Malware Classification and Optimisation Based on BM25 Score of Android API

Abstract

With the growth of Android devices, there is a rise in malware applications affecting these networked devices. Android malware classification is an important task in ensuring the security and privacy of Android devices. One promising approach to this problem is to capture the difference in the usage of API in benign and malware applications through the BM25 (Best Matching 25) scoring function by calculating the BM25 score of each API (Application Program Interface). A linear regression model is fitted using the BM25 score to select the 1000 most important APIs using the feature importance weight of the linear regression model. The selected API's BM25 score and the Permission and Intents of an application are used to train Naive Bayes, Random Forest, Decision Tree, Support Vector Machine, and CNN (Convolutional Neural Network) for classification. To illustrate the effectiveness of using the BM25 score of APIs for malware classification, we train the optimised Particle Swarm Optimisation (PSO) based Machine learning and Deep Learning algorithms using Permission and Intents features with and without the BM25 score. Experiments show that the BM25 score improves the result. Overall, this study demonstrates the potential of using the BM25 score of API calls, in combination with Permissions and Intents, as a valuable tool for Android malware classification.</p