SVM-based Android Application Classification using API Calls

Measuring similarity between a suspicious app and the existing ones in the app store is one of the
existing mechanisms to make the app stores healthy and sustainable against pirated apps, repackaged
apps, and malware. To improve the efficiency of similarity computation between apps, it is essential
to reduce the number of apps to be compared with the suspicious one; the app classification is one of
the methods to achieve this by detecting a possible category for the suspicious app and measuring the
similarity between the suspicious app and only the apps in that category. In this paper, we propose
a technique for app classification by applying support vector machine (SVM). We extract API calls
as a feature for classification from the apps bytecode, consider two candidate features, classes and
methods related to API calls, and carefully analyze which of them is more beneficial for app classification.
In order to evaluate our technique, we conduct extensive experiments with a real-world
dataset.