This is a malicious Android application detector with permission fingerprinting technology.
It is easy to use - you just need to feed it an apk file and it will tell you whether it is malicious and how confident the detector is in the result.
It is platform independent - you can run it on any Linux release and on macOS.
- The rights for apktool belong to the apktool community.
- The rights for androguard belong to Anthony Desnos & Geoffroy Gueguen
- The rights for Python belong to Python Software Foundation
Permission Based Malware Detector ("PBMD?") requires you to have the following software/libraries installed:
Software/Libraries | Required?/Optional? |
---|---|
Python 2.7 or 3.X | Required |
apktool (it's a jar file and a bash launcher) | Required |
androguard | Required |
PScout | Optional |
scikit-learn | Required |
04/26/2018: First release. It only supports API level 22 for now. The models that can be used are Random Forest or Neural Network.
Please make sure you have the libraries above properly installed. The body of Permission Based Malware Detector can be cloned from GitHub.
After cloning, change into the src folder and run the following command:
```
python3 main.py <sampleAPK.apk> 22 noretrain random_forest all
```
This command can be interpreted as:
"analyze the sampleAPK with API level 22, use Random Forest as the training model, do not retrain the model, and use all as the feature selection policy"
Argument | Positional?/Optional? | Type | Possible Value |
---|---|---|---|
apk_path | Positional | string | a valid path |
api_level | Positional | integer | a number that is a valid API level |
retrain option | Optional (default no retrain) | string | retrain / noretrain |
model type | Optional (default Random Forest) | string | random_forest (so far) |
feature selection policy | Optional (default all) | string | all / API_Only / Permission_Only |