Android App-Collusion Detection Using A Kernel-Based Support Vector Machine
Abstract
Android application collusion is an attack scenario in which two or more apps work together to achieve a malicious goal by executing a threat. The threat can take the form of information theft, service misuse, etc. This paper proposes a novel method to detect Android app-collusion. The technique consists of using a kernel-based Support Vector Machine (SVM) and a decision function. We train the kernel-based SVM with a dataset of benign and malicious Android applications. Then, we use the parameters of the trained SVM and the decision function to detect Android app-collusion. The decision function is a lightweight discriminative function that uses a small set of parameters compared to the number of training samples used to train the kernel-based classifier. Our method is multi-purpose, which means we can use the decision function to detect both colluding apps and single malicious apps.