PermPair: Android Malware Detection Using Permission Pairs

Android smartphones are highly prone to spreading malware because of an intrinsic weakness: an application can access internal resources once the user grants its permissions, knowingly or unknowingly. Researchers have therefore focused on identifying the conspicuous permissions that lead to malware detection. Most of these permissions are common to malware and normal applications, but they appear in different patterns and contribute to attacks. It is therefore essential to find the significant combinations of permissions that can be dangerous, and this paper aims to identify the pairs of permissions that can be dangerous. To the best of our knowledge, no existing work has used permission pairs to detect malware. In this paper, we propose an innovative detection model, named PermPair, that constructs and compares graphs for malware and normal samples by extracting permission pairs from the manifest file of an application. The evaluation results indicate that the proposed scheme detects malicious samples with an accuracy of 95.44% when compared with other similar approaches and popular mobile anti-malware apps. Further, we propose an efficient edge elimination algorithm that removed 7% of the unnecessary edges from the malware graph and 41% from the normal graph. This led to minimal space usage and a 28% decrease in detection time.
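The following sketch illustrates the permission-pair idea described in the abstract; it is an added example, not the paper's code. The edge weighting (fraction of samples requesting both permissions) and the decision rule (larger summed weight wins) are assumptions, since the abstract does not define them, and the manifests are constructed samples that are assumed to be already decoded from the APK's binary XML into text.

```python
import itertools
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

def permission_pairs(manifest_xml):
    """Unordered pairs of permissions requested in a decoded (text) manifest."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    names.discard(None)  # tolerate malformed entries that carry no name
    return set(itertools.combinations(sorted(names), 2))

def build_graph(manifests):
    """Edge weight (assumed): fraction of samples that request both permissions."""
    counts = Counter()
    for manifest in manifests:
        counts.update(permission_pairs(manifest))
    return {pair: c / len(manifests) for pair, c in counts.items()}

def classify(manifest_xml, malware_graph, normal_graph):
    """Sum the app's pair weights in each graph; larger total wins (assumed rule)."""
    pairs = permission_pairs(manifest_xml)
    mal = sum(malware_graph.get(p, 0.0) for p in pairs)
    norm = sum(normal_graph.get(p, 0.0) for p in pairs)
    return ("malware" if mal > norm else "normal"), mal, norm

def make_manifest(*perms):
    """Build a constructed sample manifest from short permission names."""
    uses = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="example.constructed">{uses}</manifest>')

# Constructed training sets for illustration, not real samples.
MALWARE_GRAPH = build_graph([
    make_manifest("INTERNET", "READ_SMS", "SEND_SMS"),
    make_manifest("INTERNET", "READ_SMS", "READ_CONTACTS"),
    make_manifest("INTERNET", "SEND_SMS"),
])
NORMAL_GRAPH = build_graph([
    make_manifest("INTERNET", "ACCESS_NETWORK_STATE"),
    make_manifest("INTERNET", "CAMERA"),
    make_manifest("INTERNET", "ACCESS_NETWORK_STATE", "VIBRATE"),
])

if __name__ == "__main__":
    app = make_manifest("INTERNET", "READ_SMS", "SEND_SMS", "ACCESS_NETWORK_STATE")
    print(classify(app, MALWARE_GRAPH, NORMAL_GRAPH))
```

INTERNET appears in every constructed sample of both sets, so it does not separate them as a single feature; the pairs it forms with READ_SMS and SEND_SMS exist only in the malware graph and drive the verdict.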
