Keep calm and know where to focus: measuring and predicting the impact of Android Malware

© 2018, Springer Nature Switzerland AG. Android malware can pose serious security threat to the mobile users. With the rapid growth in malware programs, categorical isolation of malware is no longer satisfactory for security risk management. It is more pragmatic to focus the limited resources on identifying the small fraction of malware programs of high security impact. In this paper, we define a new research issue of measuring and predicting the impact of the detected Android malware. To address this issue, we first propose two metrics to isolate the high impact Android malware programs from the low impact ones. With the proposed metrics, we created a new research dataset including high impact and low impact Android malware samples. The dataset allows us to empirically discover the driving factors for the high malware impact. To characterize the differences between high impact and low impact Android malware, we leverage features from two sources available in every Android application. (1) the readily available AndroidManifest.xml file and (2) the disassembled code from the compiled binary. From these characteristics, we trained a highly accurate classifier to identify high impact Android malware. The experimental results show that our proposed method is feasible and has great potential in predicting the impact of Android malware in general.