Ensemble Learning on a Weak Correlated Android Malware data using Stratified K-Fold

In Android apps communicates with other apps by using Intent or PendingIntent. An Intent enables Android applications to share information between apps (like data, action, etc.,), and the PendingIntent delegate’s authority to other apps to perform the required action in the future. Android supports apps to collaborate with any $3^{\mathrm{rd}}$ party apps using a flexible communication model called Implicit Intent-based Communication. Though this communication channel is effective in collaboration it is unprotected and unsafe by default. Any application (even malware) can register to this implicit channel, and thereby can sniff the intents exchanged through the channel, making it vulnerable to malware attacks. In case, if an app is exchanging its sensitive data like GPS location or exchanging PendingIntent using implicit intents, in turn, this leads to unauthorized access and privilege escalation attacks. In this paper, we leverage the machine-learning techniques for security predictions in order to identify such possible threats from the apps’ binary inspection, and thereby our research can assist cyber forensic tools to identify the vulnerabilities caused by dynamic characteristics present in an application before executing the application itself. This paper presents a statistical model to analyze the malware nature of a mobile application: (1) based on the PendingIntent Flag usages, and (2) based on the type of Broadcast across apps. Our app classification achieved an F-score of 78.7%.