
2018 | OriginalPaper | Chapter

Android Malware Detection Using Category-Based Permission Vectors

Authors: Xu Li, Guojun Wang, Saqib Ali, QiLin He

Published in: Algorithms and Architectures for Parallel Processing

Publisher: Springer International Publishing


Abstract

With the drastic increase in smartphone adoption, malware attacks on smartphones have emerged as a serious privacy and security threat. Kaspersky Labs detected and intercepted a total of 5,730,916 malicious installation packages in 2017. To curb this problem, researchers and various security laboratories have developed numerous malware analysis models. In Android-based smartphones, permissions have been an inherent part of such models. Permission request patterns can be used to detect the behavior of different applications. As applications with similar functionalities should use permission requests in similar ways, these patterns can be used to distinguish different types of apps. However, when analysis models are trained on permission vectors extracted from a mixture of applications, without preserving the differences that naturally exist among application categories, the aggregated results can miss details, and this can result in errors. In this paper, we propose a permission analysis model for Android applications, comprising a classification module and a malware detection module based on application permission vectors, to deal with the Android malware detection problem. We divide the benign application permission vector set into 32 categories by mining the similarity of permission vectors, input the malicious application permission vector sets into the model to obtain class labels, and then extract sensitive features from the different classes. Finally, the sensitive features of each class are separately input into the machine learning algorithm to obtain a classification model of malicious and benign applications. Our experimental results show that our model can achieve 93.66% accuracy in detecting malware instances.


Copyright Year: 2018

DOI: https://doi.org/10.1007/978-3-030-05063-4_31
