This project detects malicious Android applications based on the permissions listed in their AndroidManifest.xml file. It uses an ensemble of XGBoost and Random Forest classifiers trained on an Android permissions dataset, with a custom threshold on the prediction probability for classification.
Dataset used: https://archive.ics.uci.edu/dataset/722/naticusdroid+android+permissions+dataset
This program depends on apktool as an external dependency.
- Download the latest version of the apktool JAR file from here
- Replace the placeholder in the .env file with the full path to the downloaded apktool.jar file.
- Ensure Java is installed, since apktool needs it to run.
- Clone the repository:
  ```
  git clone https://github.com/B-codes-core/AndroidMalwareDetector.git
  ```
- Edit the .env file to include the full path of the apktool.jar you downloaded.
- Create a Python virtual environment:
  ```
  python -m venv apkvenv
  ```
- Activate the virtual environment
- Install dependencies:
  ```
  pip install -r requirements.txt
  ```
- Run the app:
  ```
  streamlit run app.py
  ```
- Upload an Android APK file
- The application decompiles the APK using apktool
- Permissions are extracted from the AndroidManifest.xml file
- The permissions are converted to features for machine learning analysis
- Two models (XGBoost and Random Forest) analyze the features
- An ensemble prediction is made based on both models
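
The permission-to-feature steps above, sketched as an added example (not this project's own code). The sample manifest, the `FEATURE_COLUMNS` list, and the averaging rule in `ensemble_verdict` are assumptions; the real column list comes from the training dataset, and the project's actual ensemble rule and threshold may differ.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample of a decoded AndroidManifest.xml, as apktool would write it.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="com.example.sample.permission.CUSTOM"/>
    <application android:label="Sample"/>
</manifest>"""

# Hypothetical feature columns; the real list is the header of the training dataset.
FEATURE_COLUMNS = [
    "android.permission.INTERNET",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.CAMERA",
]

def extract_permissions(manifest_xml):
    """Return the set of permission names requested in the manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    # Both tags request permissions; the set removes duplicate declarations.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def to_features(perms, columns=FEATURE_COLUMNS):
    """Binary vector in column order, plus permissions the model has no column for."""
    vector = [1 if col in perms else 0 for col in columns]
    unknown = sorted(perms - set(columns))
    return vector, unknown

def ensemble_verdict(p_xgb, p_rf, threshold=0.5):
    """Assumed soft vote: average the two malware probabilities, then threshold."""
    score = (p_xgb + p_rf) / 2
    return ("malicious" if score >= threshold else "benign"), score
```

Permissions returned in `unknown` (custom or newer ones absent from the training columns) contribute nothing to the vector, so they are worth showing to the analyst alongside the verdict.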