Android Fragmentation in Malware Detection
Published in: | Computers & security 2019-11, Vol.87, p.101573, Article 101573 |
---|---|
Main authors: | , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
Abstract: | Differences between Android versions affect not only application developers but also make the task of securing Android harder, as it is not easy to keep track of updates. In this paper, we first systematically analyze the Android framework, which includes APIs and enforced manifest permissions, to realize the inconsistency that currently exists in the OS. To carry out the analysis, fine-grained machine learning-based classifiers are constructed out of predefined malicious-benign datasets to perform the task of malware detection. We propose the use of multiple feature vectors to build machine learning-based models targeting different ranges of Android API levels. As a result, the process of choosing optimal learning features becomes more efficient while avoiding complicating the machine learning model unnecessarily. Also, top features extracted from machine learning models provide us with insights about how important each of them is to specific Android versions. We eventually observe the improvement of detection rates in those fine-grained classifiers compared to a single classifier. |
ISSN: | 0167-4048 1872-6208 |
DOI: | 10.1016/j.cose.2019.101573 |