Android Malware Detection Scheme Based on Level of SSL Server Certificate

Detecting Android malware is imperative. A promising approach leverages the differences in traffic patterns between benign apps and malware; those differences can be captured even when the packets are encrypted. However, because such features are purely statistical, they cannot tell whether an individual flow is malicious. A scheme is therefore needed that is applicable to encrypted traffic and also supports identification of malicious traffic. In this paper, we propose an Android malware detection scheme based on the validation level of the SSL server certificate. Attackers tend to encrypt malicious payloads under untrusted certificates, because obtaining a trusted certificate requires passing a rigorous examination; we therefore use features derived from the SSL server certificate, since the certificates used by malware tend to be untrusted. To make these features more precise, we further introduce weight values based on the permissions an app requests, because malware inevitably requires the permissions needed for its malicious actions. In experiments on a real dataset, our scheme achieves an accuracy of 92.7%; its true positive rate is 5.6% higher and its false positive rate 3.3% lower than those of the previous scheme. Our scheme copes with encrypted malicious payloads and detects 89 malware samples that the previous scheme misses.
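The following is an added illustration of the feature-construction step described above; it is not the paper's code, dataset or model. It maps each TLS server certificate an app contacted to a validation level (untrusted, DV, OV or EV, using the CA/Browser Forum policy OIDs), turns the per-level connection fractions into a feature vector, and scales that vector by a weight derived from the permissions the app requests. The trust store, the certificate records, the per-permission weights, the weighting formula and the fixed decision threshold are all constructed assumptions; the paper feeds such features to a trained classifier rather than a hand-set threshold.

```python
"""Certificate-level features for Android malware detection (illustrative).

Everything below that is not an X.509 / CA-Browser Forum constant is an
assumption made for this example: the trust store, the sample certificate
records, the permission weights and the scoring rule.
"""
from collections import Counter
from dataclasses import dataclass

# CA/Browser Forum certificate-policy OIDs that identify the validation level.
EV_OID = "2.23.140.1.1"
OV_OID = "2.23.140.1.2.2"
DV_OID = "2.23.140.1.2.1"

LEVELS = ("untrusted", "DV", "OV", "EV")

# Assumed trust store: issuers the client would accept (constructed).
TRUSTED_ISSUERS = {"CN=Example Public CA"}

# Assumed weights for permissions tied to malicious actions (constructed).
PERMISSION_WEIGHTS = {
    "android.permission.SEND_SMS": 1.0,
    "android.permission.READ_CONTACTS": 0.5,
    "android.permission.RECEIVE_BOOT_COMPLETED": 0.3,
    "android.permission.INTERNET": 0.0,
}


@dataclass(frozen=True)
class CertInfo:
    """Fields extracted from the server certificate of one TLS connection."""
    subject: str
    issuer: str
    policy_oids: tuple          # certificatePolicies extension OIDs
    chain_valid: bool           # did the chain validate against the trust store?


def cert_level(cert: CertInfo) -> str:
    """Map one server certificate to untrusted / DV / OV / EV."""
    self_signed = cert.subject == cert.issuer
    if self_signed or not cert.chain_valid or cert.issuer not in TRUSTED_ISSUERS:
        return "untrusted"
    if EV_OID in cert.policy_oids:
        return "EV"
    if OV_OID in cert.policy_oids:
        return "OV"
    # A trusted chain carrying the DV OID, or no recognised policy OID, is DV.
    return "DV"


def level_features(certs) -> dict:
    """Fraction of the app's TLS connections at each certificate level."""
    counts = Counter(cert_level(c) for c in certs)
    total = sum(counts.values()) or 1          # avoid division by zero
    return {lvl: counts[lvl] / total for lvl in LEVELS}


def permission_weight(permissions) -> float:
    """Assumed weighting: 1 plus the summed weight of risky permissions."""
    return 1.0 + sum(PERMISSION_WEIGHTS.get(p, 0.0) for p in permissions)


def weighted_features(certs, permissions) -> dict:
    """Certificate-level fractions scaled by the permission-based weight."""
    w = permission_weight(permissions)
    return {lvl: v * w for lvl, v in level_features(certs).items()}


def suspicion_score(certs, permissions) -> float:
    """Weighted share of connections protected by untrusted certificates."""
    return weighted_features(certs, permissions)["untrusted"]


def is_malicious(certs, permissions, threshold: float = 0.5) -> bool:
    """Placeholder decision rule (assumed threshold, not a trained model)."""
    return suspicion_score(certs, permissions) >= threshold


# Constructed sample records for two apps.
BENIGN_CERTS = [
    CertInfo("CN=bank.example", "CN=Example Public CA", (EV_OID,), True),
    CertInfo("CN=cdn.example", "CN=Example Public CA", (OV_OID,), True),
    CertInfo("CN=api.example", "CN=Example Public CA", (DV_OID,), True),
]
BENIGN_PERMS = ["android.permission.INTERNET"]

MALWARE_CERTS = [
    CertInfo("CN=c2.invalid", "CN=c2.invalid", (), False),        # self-signed
    CertInfo("CN=drop.invalid", "CN=Unknown CA", (), False),      # untrusted issuer
    CertInfo("CN=api.example", "CN=Example Public CA", (DV_OID,), True),
]
MALWARE_PERMS = ["android.permission.INTERNET",
                 "android.permission.SEND_SMS",
                 "android.permission.READ_CONTACTS"]

if __name__ == "__main__":
    for name, certs, perms in (("benign", BENIGN_CERTS, BENIGN_PERMS),
                               ("malware", MALWARE_CERTS, MALWARE_PERMS)):
        print(name, weighted_features(certs, perms), is_malicious(certs, perms))
```

In practice the `CertInfo` records would be filled from the ServerHello/Certificate messages of each captured TLS session, and `chain_valid` from a real path validation against the device's trust store; the validation-level OIDs live in the certificatePolicies extension of the leaf certificate.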
