Random Forest Classification for Android Malware

Classification techniques such as Support Vector Machines, K-Nearest Neighbours, Decision Trees, Logistic Regression and Naive Bayes have widely been used in the area of intrusion detection research in the security community. They are predominantly used for behaviour based detection methods (anomaly detection methods). In this paper we exclusively apply the ensemble learning algorithm Random Forest supervised classifier on a dataset [2] of 48919 points of 42 features. The features are obtained from emulating user action using adb-monkey [8] on unrooted1 Android device emulators. Our goal was to measure the accuracy of Random Forest in classifying Android application behaviour to classify applications as malicious or benign. Moreover, we wanted to focus on detection rates as the number of trees and number of features selected are varied for the Random Forest algorithm. Our experimental results based on 5-fold cross validation of our dataset shows that Random Forest performs very well with an accuracy of over 99 percent in general, an out of bag error [3] of 0.0008 or less for forests of 20 trees or more, and gives root mean squared error of 0.0291 or less.