Supervised Learning Based Detection of Malware on Android

Abstract. This chapter aims to present a new approach for detecting Android malware by relying on permissions and supervised learning techniques. To that end, we present security and its flaws in the Android system. Then we present concepts around machine learning and how they can be used for malware detection in general. We discuss works that use permissions as a key feature for characterizing applications in order to detect malicious behavior. We present a detection system combining the proportion of requested permissions and the risks induced on resources. This system requires the user to specify the resources to protect, and it informs the user, in an understandable way, of activities performed in the background with those permissions. We walk through some graphical interfaces of the implementation, then present results on detection and prediction performance obtained with the support of learning algorithms. We compare these results against well-known antiviruses and related solutions on the same collected datasets of malicious and benign applications. The comparison shows that our system outperforms most of them and is able to detect zero-day malware. It therefore constitutes an interesting step forward in helping users understand the risks induced on resources and in helping them detect malware.
