(IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 8, No. 6, 2017 60 | Page www.ijacsa.thesai.org Intelligent Hybrid Approach for Android Malware Detection based on Permissions and API Calls Altyeb Altaher, Omar Mohammed Barukab Department of Information Technology, Faculty of Computing and Information Technology-Rabigh, King Abdulaziz University, P.O. Box 344, Jeddah, Saudi Arabia Abstract—Android malware is rapidly becoming a potential threat to users. The number of Android malware is growing exponentially; they become significantly sophisticated and cause potential financial and information losses for users. Hence, there is a need for effective and efficient techniques to detect the Android malware applications. This paper proposes an intelligent hybrid approach for Android malware detection using the permissions and API calls in the Android application. The proposed approach consists of two steps. The first step involves finding the most significant permissions and Application Programming Interfaces (API) calls that leads to efficient discrimination between the malware and good ware applications. For this purpose, two features selection algorithms, Information Gain (IG) and Pearson CorrCoef (PC) are employed to rank the individual permissions and API’s calls based on their importance for classification. In the second step, the proposed new hybrid approach for Android malware detection based on the combination of the Adaptive neural fuzzy Inference System (ANFIS) with the Particle Swarm Optimization (PSO), is employed to differentiate between the malware and goodware Android applications (apps). The PSO is intelligently utilized to optimize the ANFIS parameters by tuning its membership functions to generate reliable and more precise fuzzy rules for Android apps classification. Using a dataset consists of 250 goodware and 250 malware apps collected from different recourse, the conducted experiments show that the suggested method for Android malware detection is effective and achieved an accuracy of 89%. Keywords—Android malware detection; features selection; fuzzy inference system; particle swarm optimization I. INTRODUCTION Recently, the use of smartphones in all aspects of our daily lives is increasing continuously. The global shipments of smartphones hit a record 1.4 billion in 2015 [1]. This number has grown 12% compared with the last year. The massive popularity of smartphones have been accompanied with a potential increase in the number of malwares. With Android dominating 82.8% of the market in 2015 [2], Android become the main goal for mobile malware. The number of Android malware applications is increasing continuously. The total number of malware attacking the mobile devices increased more than three times in 2015, compared to that of 2014 [3]. The dangerous threats targeting mobile devices in 2015 were ransomware. Malware can access all the resources in the attacked mobile device, and data stealers, like business malware. Google’s Play store is a market for Android apps, also there are many other third-party stores for Android apps. The Android apps developers use the Google’s Play and third-party stores to publish the apps they developed, and make it available for download and install by users. Detecting the huge number of Android malware and isolating them from application markets is potential and great challenging issue. Very recently in 2016, a significantly sophisticated new form of Android ransomware/Android.Lockdroid.E is detected by Symantec, this variant of ransomware malware employs the accessibility tapjacking method to pose a real threat for more than 67% of Android devices [4]. Several research efforts have been presented for malware detection depending on the Android permissions used in the app. However, using Android permissions only is not enough for accurate detection of malware [5], [6]. Moreover, the existence of permissions in the Android application’s Manifest.xml is not evident that it has been used by app code [7], [8]. On the other hand, some researches [9] consider the API level information only to get the features from big data set, but it requires a large number of features for the discrimination between malware and goodware apps. Moreover, efficient detection of the new and ever-evolving Android malware is a continues challenge. To address these challenges, this paper proposes a new hybrid method for Android malware detection based on the hybridization of the Adaptive neural fuzzy Inference System (ANFIS) with the Particle Swarm Optimization (PSO). This paper has the following contributions: 1) Finding the most significant permissions and API calls that lead to efficient categorization of malware and goodware apps. 2) Designing and implementing a new hybrid approach for Android malware detection based on the combination of (ANFIS) with (PSO). 3) An accurate dataset was collected which consists of 250 goodware and 250 malware apps from different resources including Google’s play. The rest of this paper is structured as: Section 2 presents the related work. Section 3 introduced the employed features and feature selection methods. Section 4 explains the proposed method for Android malware detection. Section 5 presents the experimental results and discussion. Section 6 includes the conclusion and future work.