Machine Learning Approach for Malware Detection by Using APKs

Android is one of the most anticipated smartphone operating systems on the market. The open source Android platform not only allows developers to take full advantage of the mobile system, but also raises significant issues related to malicious applications (apps). Although understanding Android malware using dynamic analysis can provide a comprehensive view, it is still subject to high cost in environment development and manual effort in investigation. In this study, our proposed approach provides a static and dynamic analysis paradigm for detecting Android malware. The mechanism considers static information, including permissions, deployment of components, intent message passing and API calls, to characterize the behavior of Android applications. To recognize the different intentions of Android malware, different kinds of clustering and classification can be applied to enhance the malware detection capability. Our approach extracts the information from each APK's manifest file and regards components (Activity, Receiver, Service) as entry points, drilling down to trace API calls related to permissions. Next, it applies detection methods based on matching (signature matching) and learning (SVM and random forest) algorithms to classify the applications as benign or malicious. The experimental results show that the accuracy of our approach is better than that of a well-known tool, Androguard, and that it is efficient, since it takes half the time Androguard takes to predict 600 applications as benign or malicious.
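The manifest-extraction step described above, sketched as an added example (not the paper's code): it pulls permissions, component entry points and intent actions out of a manifest and turns them into a binary feature vector of the kind an SVM or random forest would consume. It assumes the APK's binary manifest has already been decoded to text XML; the sample manifest, package name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "receiver", "service")  # entry points named in the abstract

# Constructed sample: a decoded (text) AndroidManifest.xml, not taken from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""


def extract_features(manifest_xml):
    """Return requested permissions, component entry points and intent actions."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    components, actions = [], set()
    for tag in COMPONENT_TAGS:
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith("."):  # relative class name: prefix the package
                name = package + name
            components.append((tag, name))
            actions.update(a.get(ANDROID_NS + "name") for a in node.iter("action"))
    perms.discard(None)   # drop entries that lacked an android:name attribute
    actions.discard(None)
    return {"permissions": sorted(perms), "components": components,
            "intent_actions": sorted(actions)}


def to_vector(features, vocabulary):
    """Binary vector: 1 where a vocabulary term (permission or action) is present."""
    present = set(features["permissions"]) | set(features["intent_actions"])
    return [1 if term in present else 0 for term in vocabulary]
```

The vocabulary passed to `to_vector` would be fixed across the whole training corpus so that every app maps to a vector of the same length.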
