Android Malware Detection Using Category-Based Permission Vectors

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 11337)

Abstract

With the drastic increase in smartphone adoption, malware attacks on smartphones have emerged as a serious privacy and security threat. Kaspersky Labs detected and intercepted a total of 5,730,916 malicious installation packages in 2017. To curb this problem, researchers and various security laboratories have developed numerous malware analysis models. On Android-based smartphones, permissions have been an inherent part of such models. Permission request patterns can be used to detect the behavior of different applications. Because applications with similar functionality should request permissions in similar ways, these patterns can be used to distinguish different types of apps. However, when analysis models are trained on permission vectors extracted from a mixture of applications, without preserving the differences that naturally exist among application categories, the aggregated results can miss details, and this can result in errors. In this paper, we propose a permission analysis model for Android applications, comprising a classification module and a malware detection module based on application permission vectors, to address the Android malware detection problem. We divide the benign application permission vector set into 32 categories by mining the similarity of permission vectors, input the malicious application permission vector sets into the model to obtain class labels, and then extract sensitive features from the different classes. Finally, the sensitive features of each class are separately input into the machine learning algorithm to obtain a classification model of malicious and benign applications. Our experimental results show that our model can achieve 93.66% accuracy in detecting malware instances.
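The category-based idea in the abstract, as an added Python example that is not the paper's code: benign permission vectors are grouped into categories, malicious vectors receive a category label, and sensitive permissions are extracted per category, then compared with a pooled baseline. The clustering method (k-means), the frequency-gap feature selection, the threshold rule standing in for the machine learning classifier, the two categories and all sample apps are assumptions constructed for illustration.

```python
# Added illustration on constructed data; not the paper's code, data or algorithms.
PERMS = ["INTERNET", "ACCESS_FINE_LOCATION", "CAMERA", "READ_CONTACTS", "SEND_SMS", "READ_SMS"]
NET, LOC, CAM, CON, SEND, READ = PERMS

def vec(*names):
    """Binary permission vector over PERMS."""
    return tuple(int(p in names) for p in PERMS)

def mean(vectors):
    """Per-permission request rate of a group of apps."""
    return tuple(sum(col) / len(vectors) for col in zip(*vectors))

def nearest(v, centroids):
    """Index of the category whose centroid is closest to v (L1 distance)."""
    return min(range(len(centroids)),
               key=lambda i: sum(abs(x - y) for x, y in zip(v, centroids[i])))

def cluster(benign, seeds, rounds=10):
    """Assumed k-means, standing in for the paper's similarity mining."""
    centroids = list(seeds)
    for _ in range(rounds):
        groups = [[] for _ in centroids]
        for v in benign:
            groups[nearest(v, centroids)].append(v)
        centroids = [mean(g) if g else c for g, c in zip(groups, centroids)]
    return centroids

def sensitive_features(malicious, centroids, gap=0.5):
    """Per category, permissions malware requests >= gap more often than benign apps."""
    out = {}
    for k, c in enumerate(centroids):  # c is the benign request rate of category k
        mal = [v for v in malicious if nearest(v, centroids) == k]
        rate = mean(mal) if mal else c
        out[k] = [p for p, m, b in zip(PERMS, rate, c) if m - b >= gap]
    return out

def flagged(v, centroids, sens):
    """Assumed rule in place of the per-class ML model: any sensitive permission."""
    return any(v[PERMS.index(p)] for p in sens[nearest(v, centroids)])

# Constructed samples: three map-style and three messaging-style benign apps.
BENIGN = [vec(NET, LOC), vec(NET, LOC), vec(NET, LOC, CAM),
          vec(NET, CON, SEND, READ), vec(NET, CON, SEND), vec(NET, CON, SEND, READ)]
MALICIOUS = [vec(NET, LOC, SEND), vec(NET, LOC, CAM, SEND),
             vec(NET, CAM, CON, SEND, READ), vec(NET, CAM, CON, SEND)]

CATS = cluster(BENIGN, seeds=[BENIGN[0], BENIGN[3]])
BY_CATEGORY = sensitive_features(MALICIOUS, CATS)         # {0: ['SEND_SMS'], 1: ['CAMERA']}
POOLED = sensitive_features(MALICIOUS, [mean(BENIGN)])    # {0: ['CAMERA', 'SEND_SMS']}
```

On this constructed data the per-category feature sets flag every malicious sample and no benign one, while the pooled feature set also flags four of the six benign apps, because `SEND_SMS` is routine for messaging-style apps and `CAMERA` appears in a benign map-style app.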

Acknowledgments

This work is supported in part by the National Natural Science Foundation of China under Grants 61632009 & 61472451, in part by the Guangdong Provincial Natural Science Foundation under Grant 2017A030308006 and High-Level Talents Program of Higher Education in Guangdong Province under Grant 2016ZJ01, in part by Basic Innovation Project of Guangzhou University under Grant 2017GDJC-M18 and CERNET Innovation Project under Grant NGII20170102.

Author information

Correspondence to Guojun Wang.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Li, X., Wang, G., Ali, S., He, Q. (2018). Android Malware Detection Using Category-Based Permission Vectors. In: Vaidya, J., Li, J. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2018. Lecture Notes in Computer Science, vol 11337. Springer, Cham. https://doi.org/10.1007/978-3-030-05063-4_31

  • DOI: https://doi.org/10.1007/978-3-030-05063-4_31

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05062-7

  • Online ISBN: 978-3-030-05063-4

  • eBook Packages: Computer Science, Computer Science (R0)
