|
|
--- |
|
|
license: apache-2.0 |
|
|
tags: |
|
|
- android |
|
|
- malware-detection |
|
|
- cybersecurity |
|
|
- static-analysis |
|
|
- mobile-security |
|
|
- mobsf |
|
|
- classification |
|
|
- security |
|
|
pipeline_tag: text-classification |
|
|
metrics: |
|
|
- f1 |
|
|
- precision |
|
|
- recall |
|
|
- accuracy |
|
|
base_model: |
|
|
- microsoft/codebert-base |
|
|
--- |
|
|
|
|
|
# Android Malware Detector (MobSF Companion) |
|
|
|
|
|
## Model description |
|
|
This AI model classifies Android APKs as **benign** or **malicious** using features extracted during analysis with MobSF. |
|
|
Its goal is to complement MobSF reports with a reproducible ML score/decision to support triage prioritization and CI/CD automation. |
|
|
|
|
|
## Intended use |
|
|
|
|
|
### Primary intended uses |
|
|
- Enrich the MobSF pipeline: consume analysis features (permissions) and produce a risk score. |
|
|
- Research/academia: benchmarking Android malware detection models. |
|
|
|
|
|
### Out-of-scope uses |
|
|
- It is not a real-time on-device antivirus. |
|
|
- It does not replace manual analysis, reversing, or signature verification. |
|
|
- It should not be used as the sole criterion for punitive actions (e.g., bans) without review. |
|
|
|
|
|
## How to use (with MobSF) |
|
|
MobSF can be automated via its REST API to upload, scan, and retrieve reports, which makes it possible to integrate this model as a post-scan step. |
|
|
|
|
|
### Minimal pipeline (conceptual) |
|
|
1. Run analysis in MobSF (API). |
|
|
2. Retrieve `report.json` (or another artifact). |
|
|
3. Extract/transform features into the format expected by the model. |
|
|
4. Run inference with the model and attach the result back into the workflow (CI/CD, dashboard, etc.). |
|
|
|
|
|
### USAGE API MOBSF |
|
|
|
|
|
https://github.com/H4ch1rou/NyerAndroidMalwarePOC |
