Edinburgh Napier University

  Every Android malware sample generally belongs to a specific family that performs a similar set of actions and characteristics. Having the ability to effectively identify Android malware families can assist in addressing the damage caused by malware. This paper aims to evaluate the effectiveness of weighted majority voting, when attempting to identify Android malware families. The results of the comparison between the approach developed in this project and other approaches showed that this approach does perform better than some previous approaches. A comparison was also made between the individual classifiers and the weighted majority voting classifier. This comparison showed that in general k-Nearest Neighbors and ExtraTrees performed the best, with the weighted majority voting model performing slightly behind. The evaluation results show this approach could be a viable way of identifying families of An-droid malware. However, the process of selecting the best features could be improved. In addition to this, the method for calculating weights could also be altered which could improve results as currently there is little variation between each individual weight. Further improvements could also be made by exploring other potential features, such as dynamic features, however, this would come at a cost of time.