Abstract
With the drastic increase of smartphone adoption, malware attacks on smartphones have emerged as serious privacy and security threat. Kaspersky Labs detected and intercepted a total of 5,730,916 malicious installation packages in 2017. To curb this problem, researchers and various security laboratories have developed numerous malware analysis models. In Android based smartphones, permissions have been an inherent part of such models. Permission request patterns can be used to detect behavior of different applications. As applications with similar functionalities should use permission requests in similar ways, they can be used to distinguish different types of apps. However, when analysis models are trained on permission vectors extracted from a mixture of applications without maintaining any differences that naturally exist among different application categories, aggregated results can miss details and this can result in errors. In this paper, we propose a permission analysis model for android applications which includes a classification module and a malware detection module based on application permission vectors to deal with Android malware detection problem. We mine the benign application permission vector set into 32 categories by mining the similarity of permission vectors, and input malicious application permission vector sets into the model to obtain class labels, then extract sensitive features from different classes. Finally, sensitive features of each class are respectively input into the machine learning algorithm to obtain a classification model of malicious and benign applications. Our experimental results show that our model can achieve 93.66% accuracy of detecting malware instances.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Google: Android Security 2017 Year in Review (2018)
Statista: Cumulative Number of Apps Downloaded from the Google Play as of May 2016. https://www.statista.com/statistics/281106/number-of-android-app-downloads-from-google-play/. Accessed 20 June 2018
Qihoo 360: Mobile Security Report. http://bbs.360.cn/thread-14972358-1-1.html. Accessed 20 June 2018
Kaspersky Labs: Mobile Malware Evolution (2017). https://securelist.com/mobile-Malware-review-2017/84139/. Accessed 20 June 2018
Symantec: Latest Intelligence for March 2016. In: Symantec Official Blog (2016)
Drake, J., Lanier, Z., Mulliner, C., et al.: Android Hacker’s Handbook. Wiley, Hoboken (2014)
Faruki, P., et al.: Android security: a survey of issues, malware penetration, and defenses. IEEE Commun. Surv. Tutors. 17, 998–1022 (2015)
Sokolova, K., Perez, C., Lemercier, M.: Android application classification and anomaly detection with graph-based permission patterns. Decis. Support Syst. 93, 62–76 (2017)
Li, J., Sun, L., Yan, Q., Li, Z., Srisa-an, W., Ye, H.: Android malware detection. IEEE Trans. Ind. Inform. 14(7), 3216–3225 (2018)
Felt, A., Chin, E., Hanna, S.: Android permissions demystified. In: Proceedings of 18th ACM Conference on Computer and Communications Security - CCS 2011, pp. 627–636 (2011)
Peng, H., et al.: Using probabilistic generative models for ranking risks of Android apps. In: Proceedings of 2012 ACM Conference on Computer and Communications Security - CCS 2012, p. 241 (2012)
Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of 16th ACM Computer and Communications Security. - CCS 2009, p. 235 (2009)
Fan, M., Liu, J., Wang, W., Li, H., Tian, Z., Liu, T.: DAPASA: detecting android piggybacked apps through sensitive subgraph analysis. IEEE Trans. Inf. Forensics Secur. 12, 1772–1785 (2017)
Grace, M., Zhou, Y., Zhang, Q., Zou, S., Jiang, X.: RiskRanker: scalable and accurate zero-day android malware detection. In: 10th International Conference on Mobile Systems, Applications, and Services, pp. 281–294 (2012)
Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, you, get off of my market: detecting malicious apps in official and alternative android markets. In: Proceedings of 19th Annual Network and Distributed System Security Symposium, pp. 5–8 (2012)
Hao, H., Singh, V., Du, W.: On the effectiveness of API-level access control using bytecode rewriting in Android. In: Proceedings of 8th ACM SIGSAC Symposium on Information, Computer and Communications Security - ASIA CCS 2013, p. 25 (2013)
Bu, K., Xu, M., Liu, X., Luo, J., Zhang, S., Weng, M.: Deterministic detection of cloning attacks for anonymous RFID systems. IEEE Trans. Ind. Inform. 11, 1255–1266 (2015)
Cruz, T., et al.: A cybersecurity detection framework for supervisory control and data acquisition systems. IEEE Trans. Ind. Inform. 1, 1–10 (2016)
G. Android: Requesting permissions. https://developer.android.google.cn/guide/topics/permissions/overview#normal-dangerous
Wang, W., Wang, X., Feng, D., Liu, J., Han, Z., Zhang, X.: Exploring permission-induced risk in android applications for malicious application detection. IEEE Trans. Inf. Forensics Secur. 9, 1869–1882 (2014)
Xu, W., Zhang, F., Zhu, S.: Permlyzer: analyzing permission usage in Android applications. In: 2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013, pp. 400–410 (2013)
Arp, D., Spreitzenbarth, M., Hübner, M., Gascon, H., Rieck, K.: Drebin: effective and explainable detection of android malware in your pocket. In: Proceedings of 2014 Network and Distributed System Security Symposium (2014)
Google Play Homepage. https://play.google.com/store. Accessed 19 June 2018
Huawei App Store Homepage. http://appstore.huawei.com/soft/list. Accessed 20 June 2018
Xiao MI App Store Homepage. http://app.mi.com/. Accessed 20 June 2018
Application Details Query Interface. http://code.google.com/p/android-market-api/. Accessed 19 May 2018
Malicious App Sharing Site. https://virusshare.com/. Accessed 20 June 2018
Application Analyzing Tool. http://code.google.com/p/androguard/. Accessed 25 Apr 2018
Android Malicious Application Sharing. https://contagiominidump.blogspot.com/. Accessed 20 June 2018
Ali, S., Wang, G., Cottrell, R.L., Anwar, T.: Detecting anomalies from end-to-end internet performance measurements (PingER) using cluster based local outlier factor. In: 2017 IEEE ISPA/IUCC, pp. 982–989 (2017)
Fuchs, A.P., Chaudhuri, A., Foster, J.: SCanDroid : automated security certification of android applications. Read, vol. 10, p. 328 (2010)
Ali, S., Wang, G., Xing, X., Cottrell, R.L.: Substituting missing values in end-to-end internet performance measurements using k-nearest neighbors. In: 2018 IEEE 16th International Conference on Dependable, Autonomic and Secure Computing, 16th International Conference on Pervasive Intelligence and Computing, 4th International Conference on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech), pp. 919–926. IEEE, August 2018
Davies, D.L., Bouldin, D.W.: A cluster separation measure. IEEE Trans. Pattern Anal. Mach. Intell. PAMI-1, 224–227 (1979)
Fornasini, P.: The Uncertainty in Physical Measurements (2008)
Ali, S., Wang, G., Cottrell, R.L., Masood, S.: Internet performance analysis of South Asian countries using end-to-end internet performance measurements. In: 2017 IEEE ISPA/IUCC, pp. 1319–1326 (2017)
Acknowledgments
This work is supported in part by the National Natural Science Foundation of China under Grants 61632009 & 61472451, in part by the Guangdong Provincial Natural Science Foundation under Grant 2017A030308006 and High-Level Talents Program of Higher Education in Guangdong Province under Grant 2016ZJ01, in part by Basic Innovation Project of Guangzhou University under Grant 2017GDJC-M18 and CERNET Innovation Project under Grant NGII20170102.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Li, X., Wang, G., Ali, S., He, Q. (2018). Android Malware Detection Using Category-Based Permission Vectors. In: Vaidya, J., Li, J. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2018. Lecture Notes in Computer Science(), vol 11337. Springer, Cham. https://doi.org/10.1007/978-3-030-05063-4_31
Download citation
DOI: https://doi.org/10.1007/978-3-030-05063-4_31
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05062-7
Online ISBN: 978-3-030-05063-4
eBook Packages: Computer ScienceComputer Science (R0)