{"id":13498338,"url":"https://github.com/user1342/DroidDetective","last_synced_at":"2025-03-29T01:30:23.369Z","repository":{"id":38458726,"uuid":"490859573","full_name":"user1342/DroidDetective","owner":"user1342","description":"A machine learning malware analysis framework for Android apps.","archived":false,"fork":false,"pushed_at":"2024-04-14T18:51:25.000Z","size":352,"stargazers_count":125,"open_issues_count":0,"forks_count":21,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-28T19:16:10.108Z","etag":null,"topics":["androguard","android","android-application","artificial-intelligence","machine-learning","malware","malware-analysis","malware-detection","python","random-forest","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/user1342.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"ko_fi":"JamesStevenson"}},"created_at":"2022-05-10T21:02:32.000Z","updated_at":"2025-02-26T22:50:34.000Z","dependencies_parsed_at":"2022-07-14T03:30:33.964Z","dependency_job_id":null,"html_url":"https://github.com/user1342/DroidDetective","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/user1342%2FDroidDetective","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/user1342%2FDroidDetective/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/user1342%2FDroidDetective/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/us
er1342%2FDroidDetective/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/user1342","download_url":"https://codeload.github.com/user1342/DroidDetective/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246125321,"owners_count":20727408,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["androguard","android","android-application","artificial-intelligence","machine-learning","malware","malware-analysis","malware-detection","python","random-forest","reverse-engineering"],"created_at":"2024-07-31T21:00:22.773Z","updated_at":"2025-03-29T01:30:23.072Z","avatar_url":"https://github.com/user1342.png","language":"Python","readme":"\u003cp align=\"center\"\u003e\n    \u003cimg width=100% src=\"cover.png\"\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e 🕵️ A machine learning malware analysis framework for Android apps. ☢️ \u003c/p\u003e\n\n\u003cbr\u003e\n\nDroidDetective is a Python tool for analysing Android applications (APKs) for potential malware-related behaviour and configurations. When provided with a path to an application (APK file), DroidDetective will make a prediction (using its ML model) of whether the application is malicious. Features and qualities of DroidDetective include:\n- Analysing which of ~330 permissions are specified in the application's ```AndroidManifest.xml``` file. 🙅\n- Analysing the number of standard and proprietary permissions in use in the application's ```AndroidManifest.xml``` file. 
🧮\n- Using a RandomForest machine learning classifier, trained on the above data, from ~14 malware families and ~100 Google Play Store applications. 💻\n\n# 🤖 Getting Started \n## Installation \nAll DroidDetective dependencies can be installed manually or via the requirements file, with \n\n```bash\npip install -r REQUIREMENTS.txt\n```\n\nDroidDetective has been tested on both Windows 10 and Ubuntu 18.0 LTS.\n\n## Usage \nDroidDetective can be run by providing the Python file with an APK as a command line parameter, such as:\n```\npython DroidDetective.py myAndroidApp.apk\n```\nIf an ```apk_malware.model``` file is not present, the tooling will first train the model, which requires a training set of APKs in two folders at the root of the project, one called ```malware``` and the other called ```normal```. Once run successfully, a result is printed to the CLI stating whether the model has identified the APK as malicious or benign. An example of this output can be seen below:\n\n```\n\u003e\u003e Analysed file 'com.android.camera2.apk', identified as not malware.\n```\n\nAn additional parameter can be provided to ```DroidDetective.py``` as a JSON file to save the results to. If this JSON file already exists, the results of this run will be appended to it.\n\n```\npython DroidDetective.py myAndroidApp.apk output.json\n```\n\nAn example of this output JSON is as follows: \n\n```json \n{\n    \"com.android.camera2\": false\n}\n```\n\n# ⚗️ Data Science | The ML Model\nDroidDetective is a Python tool for analyzing Android applications (APKs) for potential malware-related behaviour. This works by training a Random Forest classifier on information derived from both known malware APKs and standard APKs available on the Android app store. This tooling comes pre-trained; however, the model can be re-trained on a new dataset at any time. ⚙️\n\nThis model currently uses permissions from an APK's ```AndroidManifest.xml``` file as a feature set. 
This works by creating a dictionary of [each standard Android permission](https://gist.github.com/Arinerron/1bcaadc7b1cbeae77de0263f4e15156f) and setting the feature to ```1``` if the permission is present in the APK. Similarly, a feature is added for the number of permissions in use in the manifest and for the number of unidentified permissions found in the manifest. \n\nThe pre-trained model was trained on approximately 14 malware families (each with one or more APK files), sourced from [ashishb's repository](https://github.com/ashishb/android-malware), and approximately 100 normal applications sourced from the Google Play Store.\n\nThe statistics for this ML model are as follows:\n\n```\nAccuracy: 0.9310344827586207\nRecall: 0.9166666666666666\nPrecision: 0.9166666666666666\nF-Measure: 0.9166666666666666\n```\n\nThe top 10 highest weighted features (i.e. Android permissions) used by this model, for identifying malware, can be seen below:\n\n```\n\"android.permission.SYSTEM_ALERT_WINDOW\": 0.019091367939223395,\n\"android.permission.ACCESS_NETWORK_STATE\": 0.021001765263234648,\n\"android.permission.ACCESS_WIFI_STATE\": 0.02198962579120518,\n\"android.permission.RECEIVE_BOOT_COMPLETED\": 0.026398914436102188,\n\"android.permission.GET_TASKS\": 0.03595458598076517,\n\"android.permission.WAKE_LOCK\": 0.03908212881520419,\n\"android.permission.WRITE_SMS\": 0.057041576632290585,\n\"android.permission.INTERNET\": 0.08816028225034145,\n\"android.permission.WRITE_EXTERNAL_STORAGE\": 0.09835914154294739,\n\"other_permission\": 0.10189463965313218,\n\"num_of_permissions\": 0.12392224814084198\n```\n\n\n# 📜 License\n[GNU General Public License v3.0](https://choosealicense.com/licenses/gpl-3.0/)\n","funding_links":["https://ko-fi.com/JamesStevenson"],"categories":["安卓Android","Python","Tools"],"sub_categories":["网络服务_其他","Malware 
Analysis"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuser1342%2FDroidDetective","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fuser1342%2FDroidDetective","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuser1342%2FDroidDetective/lists"}