PMDS: Permission-Based Malware Detection System

  • Conference paper
Information Systems Security (ICISS 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8880)

Abstract

The meteoric growth of the Android mobile platform has made it a main target of cyber-criminals. Mobile malware specifically targeting Android has surged in tandem with the rising popularity of the platform [3, 5, 4, 6]. In response, the onus is on defenders to increase the difficulty of malware development to curb its rampant growth, and to devise effective detection mechanisms specifically targeting Android malware in order to better protect end-users.

In this paper, we address the following question: do malicious applications on Android request predictably different permissions than legitimate applications? Based on analysis of 2950 samples of benign and malicious Android applications, we propose a novel Android malware detection technique called Permission-based Malware Detection Systems (PMDS). In PMDS, we view requested permissions as behavioral markers and build a machine learning classifier on those markers to automatically identify potentially harmful behavior in unseen applications based on the combination of permissions they require. By design, PMDS has the potential to detect previously unknown, zero-day or next-generation malware. If attackers adapt and request fewer permissions, PMDS will have impeded the simple strategies by which malware developers currently abuse their victims.

Experimental results show that PMDS detects more than 92–94% of previously unseen malware with a false positive rate of 1.52–3.93%.
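The idea in the abstract, requested permissions as features for a classifier, is sketched below as an added example; it is not the authors' code, and it swaps in a small Bernoulli naive Bayes as a stand-in for whatever classifiers the paper evaluates. It assumes the manifest has already been decoded from the APK's binary XML to text; the helper names, package name and training set are constructed for illustration.

```python
import math
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

def requested_permissions(manifest_xml):
    """Permission names from <uses-permission> in a decoded (text) manifest."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID + "name") for e in root.iter("uses-permission")} - {None}

def manifest(*perms):
    """Constructed minimal AndroidManifest.xml requesting android.permission.<perm>."""
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.constructed">{uses}</manifest>')

class PermissionNB:
    """Bernoulli naive Bayes over 'permission requested?' bits, Laplace-smoothed."""
    def fit(self, samples):  # samples: [(permission_set, label), ...]
        self.vocab = sorted(set().union(*(p for p, _ in samples)))
        self.model = {}
        for label in {y for _, y in samples}:
            rows = [p for p, y in samples if y == label]
            prior = math.log(len(rows) / len(samples))
            cond = {f: (sum(f in p for p in rows) + 1) / (len(rows) + 2) for f in self.vocab}
            self.model[label] = (prior, cond)
        return self

    def scores(self, perms):
        """Unnormalised log-posterior per class; permissions outside vocab are ignored."""
        return {label: prior + sum(math.log(cond[f] if f in perms else 1 - cond[f])
                                   for f in self.vocab)
                for label, (prior, cond) in self.model.items()}

    def predict(self, perms):
        s = self.scores(perms)
        return max(s, key=s.get)

# Constructed training set (not the paper's 2950 samples).
TRAIN = [(requested_permissions(manifest(*p)), y) for p, y in [
    (("INTERNET",), "benign"),
    (("INTERNET", "ACCESS_NETWORK_STATE"), "benign"),
    (("INTERNET", "CAMERA", "WRITE_EXTERNAL_STORAGE"), "benign"),
    (("INTERNET", "ACCESS_FINE_LOCATION"), "benign"),
    (("INTERNET", "SEND_SMS", "READ_PHONE_STATE"), "malware"),
    (("INTERNET", "SEND_SMS", "RECEIVE_SMS", "READ_CONTACTS"), "malware"),
    (("INTERNET", "READ_PHONE_STATE", "RECEIVE_BOOT_COMPLETED", "SEND_SMS"), "malware"),
    (("INTERNET", "READ_SMS", "READ_PHONE_STATE", "RECEIVE_BOOT_COMPLETED"), "malware"),
]]
MODEL = PermissionNB().fit(TRAIN)

def classify(manifest_xml):
    return MODEL.predict(requested_permissions(manifest_xml))
```

On this toy data an unseen combination such as `INTERNET` + `SEND_SMS` + `RECEIVE_BOOT_COMPLETED` is labelled malware, while an app requesting only `INTERNET` is labelled benign, which is the adaptation the abstract anticipates: evading the classifier means giving up the permissions.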

References

  1. The International Telecommunication Union. The World in 2014: ICT Facts and Figures (2014), http://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2014-e.pdf

  2. Gartner Forecast: PCs, Ultramobiles, and Mobile Phones, Worldwide, 2011-2018, 2Q 2014 (2014), http://www.gartner.com/document/2780117

  3. Svajcer, V.: Sophos Mobile Security Threat Report (2014)

  4. Panda Security: Annual Report PandaLabs 2013 (2013), http://press.pandasecurity.com/wp-content/uploads/2010/05/Quarterly-Report-PandaLabs-April-June-2013.pdf

  5. F-Secure: F-Secure Mobile Threat Report Q3 2013 (2013), http://www.f-secure.com/static/doc/labs_global/Research/Mobile_Threat_Report_Q3_2013.pdf

  6. G Data SecurityLabs: G Data Mobile Malware Report H2 2013 (2013), https://blog.gdatasoftware.com/uploads/media/GData_MobileMWR_H2_2013_EN.pdf

  7. Strategy Analytics: Global Smartphone Installed Base by Operating System for 88 Countries: 2007 to 2017 (2012), http://www.strategyanalytics.com/default.aspx?mod=reportabstractviewer&a0=7834

  8. IDC: More Smartphones Were Shipped in Q1 2013 Than Feature Phones, An Industry First According to IDC (2013), http://www.idc.com/getdoc.jsp?containerId=prUS24085413

  9. Leavitt, N.: Malicious code moves to mobile devices. IEEE Computer 33(12), 16–19 (2000)

  10. Foley, S.N., Dumigan, R.: Are handheld viruses a significant threat? Communications of the ACM 44(1), 105–107 (2001)

  11. Dagon, D., Martin, T., Starner, T.: Mobile Phones as Computing Devices: The Viruses are Coming! IEEE Pervasive Computing 3(4), 11–15 (2004)

  12. Hypponen, M.: State of cell phone malware in 2007. USENIX (2007), http://www.usenix.org/events/sec07/tech/hypponen.pdf

  13. Lawton, G.: Is it finally time to worry about mobile malware? Computer 41(5), 12–14 (2008)

  14. Zhou, Y., Jiang, X.: Dissecting Android Malware: Characterization and Evolution. In: IEEE Symposium on Security and Privacy (SP), pp. 95–109. IEEE (2012), http://www.malgenomeproject.org

  15. Spreitzenbarth, M., Freiling, F.: Android Malware on the Rise. University of Erlangen, Germany, Tech. Rep. CS-2012-04 (2012)

  16. Huang, C.-Y., Tsai, Y.-T., Hsu, C.-H.: Performance evaluation on permission-based detection for android malware. In: Pan, J.-S., Yang, C.-N., Lin, C.-C. (eds.) Advances in Intelligent Systems & Applications. SIST, vol. 21, pp. 111–120. Springer, Heidelberg (2012)

  17. Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In: Proceedings of the 19th Annual Network and Distributed System Security Symposium (2012)

  18. Chen, K., Liu, P., Zhang, Y.: Achieving accuracy and scalability simultaneously in detecting application clones on Android markets. In: Proceedings of the 36th International Conference on Software Engineering, ICSE 2014, pp. 175–186. ACM, New York (2014)

  19. Crussell, J., Gibler, C., Chen, H.: Attack of the clones: Detecting cloned applications on android markets. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 37–54. Springer, Heidelberg (2012)

  20. Zhou, W., Zhou, Y., Jiang, X., Ning, P.: Detecting repackaged smartphone applications in third-party Android marketplaces. In: Proceedings of the Second ACM Conference on Data and Application Security and Privacy, CODASPY 2012, pp. 317–326. ACM, New York (2012)

  21. Sarma, B.P., Li, N., Gates, C., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Android permissions: a perspective combining risks and benefits. In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, pp. 13–22. ACM (2012)

  22. Zhang, Y., Yang, M., Xu, B., Yang, Z., Gu, G., Ning, P., Wang, X.S., Zang, B.: Vetting undesirable behaviors in android apps with permission use analysis. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. ACM (2013)

  23. Siddiqui, M., Wang, M.C., Lee, J.: A Survey of Data Mining Techniques for Malware Detection using File Features. In: Proceedings of the 46th Annual Southeast Regional Conference on XX, pp. 509–510. ACM (2008)

  24. Ye, Y., Wang, D., Li, T., Ye, D.: IMDS: Intelligent Malware Detection System. In: Proceedings of the 13th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1043–1047. ACM (2007)

  25. Schultz, M.G., Eskin, E., Zadok, F., Stolfo, S.J.: Data Mining Methods for Detection of New Malicious Executables. In: IEEE Symposium on Security and Privacy (SP), pp. 38–49. IEEE (2001)

  26. Kolter, J.Z., Maloof, M.A.: Learning to Detect and Classify Malicious Executables in the Wild. The Journal of Machine Learning Research 7, 2721–2744 (2006), JMLR.org

  27. Tabish, S.M., Shafiq, M.Z., Farooq, M.: Malware Detection using Statistical Analysis of Byte-Level File Content. In: Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics, pp. 23–31. ACM (2009)

  28. Kiem, H., Thuy, N.T., Quang, T.M.N.: A Machine Learning Approach to Anti-virus System. In: Proceedings of Joint Workshop of Vietnamese Society of AI, SIGKBS-JSAI, ICS-IPSJ and IEICE-SIGAI on Active Mining, Hanoi-Vietnam, pp. 61–65 (2004)

  29. Firdausi, I., Lim, C., Erwin, A., Nugroho, A.S.: Analysis of machine learning techniques used in behavior-based malware detection. In: Second International Conference on Advances in Computing, Control and Telecommunication Technologies (ACT), pp. 201–203. IEEE (2010)

  30. Dua, S., Du, X.: Data mining and machine learning in cybersecurity. Taylor & Francis (2011)

  31. Cohen, W.W.: Fast effective rule induction. In: ICML, vol. 95, pp. 115–123 (1995)

  32. Quinlan, J.R.: C4.5: programs for machine learning, vol. 1. Morgan Kaufmann (1993)

  33. Holmes, G., Donkin, A., Witten, I.H.: Weka: A machine learning workbench. In: Proceedings of the Second Australian and New Zealand Conference on Intelligent Information Systems, pp. 357–361. IEEE (1994)

  34. Witten, I.H., Frank, E.: Data Mining: Practical machine learning tools and techniques. Morgan Kaufmann (2005)

  35. Cleary, J.G., Trigg, L.E.: K*: An Instance-based Learner Using an Entropic Distance Measure. In: ICML, pp. 108–114 (1995)

  36. John, G.H., Langley, P.: Estimating continuous distributions in Bayesian classifiers. In: Proceedings of the Eleventh Conference on Uncertainty in Artificial Intelligence, pp. 338–345. Morgan Kaufmann (1995)

  37. Freund, Y., Schapire, R.E.: A desicion-theoretic generalization of on-line learning and an application to boosting. In: Vitányi, P.M.B. (ed.) EuroCOLT 1995. LNCS, vol. 904, pp. 23–37. Springer, Heidelberg (1995)

  38. The Android Open Source Project: Application Fundamentals, http://developer.android.com/guide/components/fundamentals.html

  39. The Android Open Source Project: System Permissions, http://developer.android.com/guide/topics/security/permissions.html

  40. The Android Open Source Project: App Manifest, http://developer.android.com/guide/topics/manifest/manifest-intro.html

  41. The Android Open Source Project: Android Permissions, http://developer.android.com/guide/topics/security/permissions.html

  42. The Android Open Source Project: PackageManager, http://developer.android.com/reference/android/content/pm/PackageManager.html

  43. The University of Waikato: Attribute-Relation File Format (ARFF), http://www.cs.waikato.ac.nz/ml/weka/arff.html

  44. The University of Waikato: ARFF, http://weka.wikispaces.com/ARFF

  45. Mila: Contagio Mobile, http://contagiominidump.blogspot.it

  46. Google: Google Play Store, https://play.google.com/store

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Rovelli, P., Vigfússon, Ý. (2014). PMDS: Permission-Based Malware Detection System. In: Prakash, A., Shyamasundar, R. (eds) Information Systems Security. ICISS 2014. Lecture Notes in Computer Science, vol 8880. Springer, Cham. https://doi.org/10.1007/978-3-319-13841-1_19

  • DOI: https://doi.org/10.1007/978-3-319-13841-1_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-13840-4

  • Online ISBN: 978-3-319-13841-1

  • eBook Packages: Computer Science, Computer Science (R0)
