Android Fragmentation in Malware Detection

Abstract

Differences between Android versions affect not only application developers; they also make securing Android harder, because it is difficult to keep track of what each update changes. In this paper, we first systematically analyze the Android framework, including its APIs and the manifest permissions it enforces, to characterize the inconsistencies that currently exist across OS versions. To carry out the analysis, we construct fine-grained machine learning-based classifiers from predefined malicious/benign datasets and use them for malware detection. We propose using multiple feature vectors to build machine learning models, each targeting a different range of Android API levels. As a result, selecting the optimal learning features becomes more efficient without complicating the model unnecessarily. The top features extracted from each model also show how important each feature is to a specific range of Android versions. We ultimately observe better detection rates from these fine-grained classifiers than from a single classifier.
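The following is an added example, not code from the paper: it shows the mechanics the abstract describes, one feature vector and one classifier per API-level range, with an app routed to the model for its level and the per-range top features compared against a single all-levels model. The feature map (feature to lowest API level at which it exists), the three level buckets, the training samples and the choice of which SDK level to key on are all constructed for illustration; the classifier is a small Bernoulli naive Bayes written against the standard library so the example runs offline.

```python
"""Added example: one malware classifier per Android API-level range.
Feature map, level buckets and samples are constructed for illustration; the
classifier is a standard-library Bernoulli naive Bayes so it runs offline."""
from collections import defaultdict
from math import log

# Constructed map: feature -> lowest API level at which it exists (simplified;
# real values come from the Android SDK documentation).
SMS, TXT = "perm:SEND_SMS", "api:SmsManager.sendTextMessage"
PHONE, IMEI = "perm:READ_PHONE_STATE", "api:TelephonyManager.getDeviceId"
OVERLAY, A11Y = "perm:SYSTEM_ALERT_WINDOW", "perm:BIND_ACCESSIBILITY_SERVICE"
GLOBAL = "api:AccessibilityService.performGlobalAction"
INSTALL = "perm:REQUEST_INSTALL_PACKAGES"
CANINST = "api:PackageManager.canRequestPackageInstalls"
FEATURE_MIN_LEVEL = {SMS: 1, TXT: 4, PHONE: 1, IMEI: 1, OVERLAY: 1,
                     A11Y: 16, GLOBAL: 16, INSTALL: 23, CANINST: 26}

# Constructed buckets (name, lo, hi); not the paper's actual ranges.
RANGES = [("legacy", 1, 15), ("jb-lollipop", 16, 22), ("m-plus", 23, 99)]

# Constructed training set: (api_level, label, features), 1 = malicious. Which
# level to key on (minSdkVersion vs targetSdkVersion) is this example's choice.
TRAIN = [
    (10, 1, {SMS, TXT, PHONE, IMEI}), (14, 1, {SMS, TXT, PHONE}),
    (9, 1, {SMS, TXT, IMEI, OVERLAY}), (10, 0, {PHONE, IMEI}),
    (15, 0, {PHONE}), (12, 0, {OVERLAY}),
    (19, 1, {A11Y, GLOBAL, OVERLAY}), (21, 1, {A11Y, GLOBAL, SMS, TXT}),
    (17, 1, {SMS, TXT, PHONE}), (18, 0, {PHONE, IMEI}),
    (22, 0, {OVERLAY}), (20, 0, {A11Y, GLOBAL}),
    (26, 1, {INSTALL, CANINST, A11Y, GLOBAL}), (28, 1, {INSTALL, CANINST, OVERLAY}),
    (24, 1, {A11Y, GLOBAL, INSTALL}), (25, 0, {PHONE}),
    (29, 0, {OVERLAY, PHONE}), (27, 0, {A11Y, GLOBAL}),
]


class RangeClassifier:
    """Bernoulli naive Bayes restricted to features that exist in [lo, hi]."""

    def __init__(self, name, lo, hi):
        self.name, self.lo, self.hi = name, lo, hi
        # A feature introduced after `hi` can never occur in this range, so it
        # is left out of the vector rather than learned as "always absent".
        self.vocab = sorted(f for f, m in FEATURE_MIN_LEVEL.items() if m <= hi)
        self.counts = {0: defaultdict(int), 1: defaultdict(int)}
        self.n = {0: 0, 1: 0}

    def covers(self, level):
        return self.lo <= level <= self.hi

    def fit(self, samples):
        for level, label, feats in samples:
            if self.covers(level):
                self.n[label] += 1
                for f in feats:
                    if f in self.vocab:
                        self.counts[label][f] += 1
        return self

    def _p(self, f, label):  # Laplace-smoothed P(feature present | label)
        return (self.counts[label][f] + 1) / (self.n[label] + 2)

    def predict(self, feats):
        scores = {}
        for label in (0, 1):
            s = log((self.n[label] + 1) / (self.n[0] + self.n[1] + 2))
            for f in self.vocab:
                p = self._p(f, label)
                s += log(p) if f in feats else log(1 - p)
            scores[label] = s
        return 1 if scores[1] > scores[0] else 0

    def top_features(self, k=3):
        """Features with the highest log-odds of appearing in malware."""
        odds = {f: log(self._p(f, 1) / self._p(f, 0)) for f in self.vocab}
        return sorted(odds, key=odds.get, reverse=True)[:k]


class FragmentationAwareDetector:
    """Routes each app to the classifier trained for its API-level range."""

    def __init__(self, samples):
        self.models = [RangeClassifier(*r).fit(samples) for r in RANGES]

    def model_for(self, level):
        for m in self.models:
            if m.covers(level):
                return m
        raise ValueError(f"no range covers API level {level}")

    def predict(self, level, feats):
        return self.model_for(level).predict(feats)


def impossible_features(level):
    """Features a single all-levels model still scores for an app at `level`."""
    return sorted(f for f, m in FEATURE_MIN_LEVEL.items() if m > level)


if __name__ == "__main__":
    det = FragmentationAwareDetector(TRAIN)
    single = RangeClassifier("all", 1, 99).fit(TRAIN)
    for m in det.models:
        print(m.name, len(m.vocab), "features; top:", m.top_features(2))
    print("single model top:", single.top_features(2))
    print("API 27 dropper-like app ->", det.predict(27, {INSTALL, CANINST, A11Y}))
```

The per-range vocabularies shrink toward older levels (the `legacy` model never sees accessibility or package-install features), and the top-feature lists differ by range: the install-packages permission dominates the `m-plus` model while the all-levels model ranks SMS features first, which is the kind of version-specific feature importance the abstract refers to. A single model also spends probability mass on the features `impossible_features(level)` returns, which cannot occur for an app at that level.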
