Create README.md
# Android Malware Detector (MobSF Companion)
## Model description
This AI model classifies Android APKs as **benign** or **malicious** (optionally by family) using features extracted during analysis with MobSF.
Its goal is to complement MobSF reports with a reproducible ML score/decision to support triage prioritization and CI/CD automation.
## Intended use
### Primary intended uses
- Enrich the MobSF pipeline: consume analysis features (permissions) and produce a risk score.
- Research/academia: benchmarking Android malware detection models.
### Out-of-scope uses
- It is not a real-time on-device antivirus.
- It does not replace manual analysis, reversing, or signature verification.
- It should not be used as the sole criterion for punitive actions (e.g., bans) without review.
## How to use (with MobSF)
MobSF can be automated via its REST API to upload, scan, and retrieve reports, which makes it possible to integrate this model as a post-scan step.
### Minimal pipeline (conceptual)
1. Run analysis in MobSF (API).
2. Retrieve `report.json` (or another artifact).
3. Extract/transform features into the format expected by the model.
4. Run inference with the model and attach the result back into the workflow (CI/CD, dashboard, etc.).
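Steps 3 and 4 of the pipeline above, as an added example (not code from this repository): it turns the permissions of a MobSF-style report into a deterministic text input, refuses to score a malformed report, and attaches a triage result. The report layout, `VOCAB`, and the `predict` callable are assumptions standing in for the real report and model.

```python
import json

# Constructed sample, trimmed to the fields used here. Assumption: the MobSF
# Android JSON report has a "permissions" object keyed by permission name,
# each entry carrying a "status" string; check this against your MobSF version.
SAMPLE_REPORT = json.loads("""
{"package_name": "com.example.app",
 "permissions": {
   "android.permission.SEND_SMS": {"status": "dangerous"},
   "android.permission.INTERNET": {"status": "normal"},
   "com.example.app.CUSTOM": {"status": "unknown"},
   "android.permission.READ_SMS": {"status": "dangerous"}}}
""")

# Hypothetical training-time vocabulary; freeze it and ship it with the model.
VOCAB = frozenset({
    "android.permission.INTERNET",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
})


def extract_permissions(report):
    """Return {permission: status}, failing closed on a malformed report."""
    perms = report.get("permissions") if isinstance(report, dict) else None
    if not isinstance(perms, dict):
        # A failed or truncated scan must not be scored as "no permissions".
        raise ValueError("report has no permissions object; refusing to score")
    return {name.strip(): str(meta.get("status", "unknown"))
            if isinstance(meta, dict) else "unknown"
            for name, meta in perms.items()
            if isinstance(name, str) and name.strip()}


def triage(report, predict, threshold=0.5):
    """Score one report; `predict` is a hypothetical text -> probability callable."""
    perms = extract_permissions(report)
    text = " ".join(sorted(perms))  # sorted: the same APK always yields the same input
    score = float(predict(text))
    if not 0.0 <= score <= 1.0:
        raise ValueError(f"model returned out-of-range score {score!r}")
    return {
        "model_input": text,
        "score": score,
        "needs_review": score >= threshold,
        "dangerous": sorted(p for p, s in perms.items() if s == "dangerous"),
        "unseen_permissions": sorted(set(perms) - VOCAB),
    }
```

Permissions outside the training vocabulary are reported separately so a reviewer can see what the model had no basis to weigh.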
### Example code (pseudo)
```python
# Pseudocode: replace with your actual implementation.
# 1) Call MobSF API -> get report_json
# 2) features = feature_extractor(report_json)
# 3) y_hat = model.predict(features)
```
## Spanish
## Model description
This AI model classifies Android APKs as **benign** or **malicious** (and optionally by family) using features extracted during analysis with MobSF.
The goal is to complement the MobSF report with a reproducible ML score/decision for triage prioritization and CI/CD automation.
## Intended use
### Primary intended uses
- Enrich the MobSF pipeline: take features from the analysis (permissions) and produce a risk score.
- Research/academia: benchmarking of Android malware detection models.
### Out-of-scope uses
- It is not a "real-time" on-device antivirus.
- It does not replace manual analysis, reversing, or signature verification.
- It must not be used as the sole criterion for punitive actions (e.g., bans) without review.
## How to use (with MobSF)
MobSF can be automated via its REST API to upload, scan, and retrieve reports, which makes it possible to integrate this model as a later (post-scan) step.
### Minimal pipeline (conceptual)
1. Run the analysis in MobSF (API).
2. Retrieve `report.json` (or another artifact).
3. Extract/transform features into the format expected by the model.
4. Run inference with the model and attach the result to the workflow (CI/CD, dashboard, etc.).
### Example code (pseudo)
```python
# Pseudocode: replace with your actual implementation.
# 1) Call the MobSF API -> get report_json
# 2) features = feature_extractor(report_json)
# 3) y_hat = model.predict(features)
```
@@ -0,0 +1,24 @@
| 1 |
+
---
|
| 2 |
+
language:
|
| 3 |
+
- en
|
| 4 |
+
- es
|
| 5 |
+
license: apache-2.0
|
| 6 |
+
tags:
|
| 7 |
+
- android
|
| 8 |
+
- malware-detection
|
| 9 |
+
- cybersecurity
|
| 10 |
+
- static-analysis
|
| 11 |
+
- mobile-security
|
| 12 |
+
- mobsf
|
| 13 |
+
- classification
|
| 14 |
+
- security
|
| 15 |
+
library_name: pytorch
|
| 16 |
+
pipeline_tag: text-classification
|
| 17 |
+
metrics:
|
| 18 |
+
- f1
|
| 19 |
+
- precision
|
| 20 |
+
- recall
|
| 21 |
+
- accuracy
|
| 22 |
+
base_model:
|
| 23 |
+
- microsoft/codebert-base
|
| 24 |
+
---
|
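Review bot: The added file ends at the closing `---` on line 24, so the README consists of YAML front matter only; the model description, intended-use and out-of-scope text from the commit description are not in the file and should be placed below the front matter. In the same block, `pipeline_tag: text-classification` with `base_model: microsoft/codebert-base` implies text input, while the description says the features are MobSF permissions, so the card should state how a report is serialized into model input. The `metrics:` list names f1, precision, recall and accuracy without a dataset or reported values; add a `datasets:` entry and evaluation results, or drop the list until they exist.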