MADAM (Multi-level Anomaly Detector for Android Malware) is a novel host-based malware detection system for Android devices which simultaneously analyzes and correlates features at four levels: kernel, application, user and package, to detect and stop malicious behaviors. MADAM has been specifically designed to take into account those behaviors that are characteristics of almost every real malware which can be found in the wild.

MADAM detects and effectively blocks more than 96% of malicious apps, which come from three large datasets with more than 2,800 apps, by exploiting the cooperation of two parallel classifiers and a behavioral signature-based detector. Extensive experiments have been conducted to show the high usability of MADAM, the low false alarm rate, the negligible performance overhead and limited battery consumption.


Main designers and developers: Andrea Saracino (andrea.saracino at iit dot cnr dot it) and Daniele Sgandurra (d.sgandurra at imperial dot ac dot uk).

Link to zip with MADAM apk and installation info (use it only for research purposes).

Link to malware dataset info and results (2810 apps).
Link to goodware dataset info and results (9804 apps).