Hybrid Android Malware Detection by Combining Supervised and Unsupervised Learning

Permissions and the network traffic features are the widely used attributes in static and dynamic Android malware detection respectively. However, static permissions cannot detect stealthy malware with update attacks capability, while dynamic network traffic cannot detect the malware samples without network connectivity. Hence, there is a need to build a hybrid model combining both these attributes. In this work, we propose a hybrid malware detector that examines both the permissions and the traffic features to detect malicious Android samples. The proposed approach is based on the combination of Supervised Learning (KNN Algorithm) and Unsupervised Learning (K-Medoids Algorithm). Experimental results demonstrate that hybrid approach gives the overall detection accuracy of 91.98%, better than static and dynamic detection accuracies of 71.46% and 81.13% respectively.