Analysis of Clustering Technique in Android Malware Detection

Mobile computing is an important field in information technology because of the wide use of mobile devices and mobile applications. Clustering gives good results in information retrieval (IR); it aims to automatically put similar applications in one cluster. In this paper, we evaluate clustering techniques on Android applications. We explain how clustering techniques can be applied to malware detection in Android applications. We also use machine learning techniques for automatic detection of malware applications in the Android market. Our evaluation is given by clustering two categories of Android applications: business and tools. We have extracted 18,174 Android application files in our evaluation using clustering. We extract the features of the applications from the applications' XML files, which contain the permissions requested by the applications. The results give a positive indication for using unsupervised machine learning techniques in malware detection in mobile applications, using a combination of the application information and XML Android Manifest files.
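
The following is an added example, not code from the paper: one way to turn the permissions in decoded AndroidManifest.xml files into clusters. The abstract does not name its algorithm or distance measure, so the single-linkage grouping over Jaccard distance, the 0.5 threshold, the helper names and the four sample manifests are all assumptions constructed here.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

def permissions(manifest_xml):
    """Return the permission names requested in a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")
            if e.get(ANDROID_NS + "name")}

def jaccard_distance(a, b):
    union = a | b
    return 0.0 if not union else 1.0 - len(a & b) / len(union)

def cluster(apps, threshold=0.5):
    """Single-linkage clustering (assumed method): link apps within the threshold."""
    names = sorted(apps)
    parent = {n: n for n in names}
    def find(n):                      # union-find root lookup with path halving
        while parent[n] != n:
            parent[n] = parent[parent[n]]
            n = parent[n]
        return n
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if jaccard_distance(apps[a], apps[b]) <= threshold:
                parent[find(b)] = find(a)
    groups = {}
    for n in names:
        groups.setdefault(find(n), []).append(n)
    return sorted(groups.values())

def manifest(*perms):
    """Build a constructed sample manifest requesting the given permissions."""
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="example">{uses}</manifest>')

# Constructed samples: two apps with modest requests, two with SMS/contacts requests.
SAMPLES = {
    "notes": manifest("INTERNET", "WRITE_EXTERNAL_STORAGE"),
    "calc": manifest("INTERNET"),
    "flashlight": manifest("CAMERA", "SEND_SMS", "READ_CONTACTS", "RECEIVE_SMS"),
    "wallpaper": manifest("SEND_SMS", "READ_CONTACTS", "RECEIVE_SMS"),
}

def run():
    apps = {name: permissions(xml) for name, xml in SAMPLES.items()}
    return cluster(apps)
```

Manifests inside APK files are stored as binary XML, so they must be decoded to text before `permissions` can parse them.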
