Experimental analysis of Android malware detection based on combinations of permissions and API-calls

Abstract

Android-based smartphones are gaining popularity due to their cost efficiency and various applications. These smartphones give users the full experience of a computing device and usually end up being used as personal computers. Since the Android operating system is open-source software, many contributors add to its development to make the interface more attractive and to tweak performance. To gain more popularity, many refined versions are offered to customers, whose feedback enables the system to be made even more powerful and user-friendly. However, this has attracted many malicious code-writers seeking anonymous access to users' private data. Moreover, malware increases resource consumption. To prevent this, various techniques are currently in use, including static analysis-based detection and dynamic analysis-based detection. However, as Android malware code-writing techniques improve, some of these techniques are being overwhelmed. There is therefore a need for an effective Android malware detection approach, for which experimental studies were conducted in the present work using static features of Android applications such as Standard Permissions with Application Programming Interface (API) calls, Non-standard Permissions with API-calls, and API-calls with Standard and Non-standard Permissions. To select the prominent features, Feature Selection Techniques (FSTs) such as Bi-Normal Separation (BNS), Mutual Information (MI), Relevancy Score (RS), and Kullback-Leibler (KL) were employed, and their effectiveness was measured using the Linear Support Vector Machine (L-SVM) classifier. It was observed that this classifier achieved an Android malware detection accuracy of 99.6% for the combined features recommended by the Bi-Normal Separation FST.
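As an added illustration (not code from the paper), the sketch below ranks combined permission and API-call features with Bi-Normal Separation in its standard form, |Φ⁻¹(tpr) − Φ⁻¹(fpr)|, where tpr and fpr are the fractions of malware and benign apps that contain a feature. The sample apps, the `perm:`/`api:` feature names and the 0.0005 clipping constant are assumptions made for the example.

```python
from statistics import NormalDist

# Constructed sample data: (label, static features extracted from one app).
# "perm:" marks a requested permission, "api:" an API call found in the code.
SAMPLES = [
    ("malware", {"perm:INTERNET", "perm:SEND_SMS", "perm:READ_CONTACTS", "api:sendTextMessage"}),
    ("malware", {"perm:INTERNET", "perm:SEND_SMS", "api:sendTextMessage", "api:getDeviceId"}),
    ("malware", {"perm:INTERNET", "perm:READ_CONTACTS", "api:getDeviceId"}),
    ("malware", {"perm:INTERNET", "perm:SEND_SMS", "api:sendTextMessage"}),
    ("benign", {"perm:INTERNET", "api:getDeviceId"}),
    ("benign", {"perm:INTERNET", "perm:CAMERA"}),
    ("benign", {"perm:INTERNET", "perm:READ_CONTACTS"}),
    ("benign", {"perm:INTERNET", "perm:CAMERA"}),
]

EPS = 0.0005  # assumed clip: the inverse normal CDF is infinite at 0 and 1
_INV = NormalDist().inv_cdf


def _rate(feat, apps):
    """Fraction of apps containing feat, clipped into [EPS, 1 - EPS]."""
    rate = sum(feat in a for a in apps) / len(apps)
    return min(max(rate, EPS), 1 - EPS)


def bns_scores(samples, positive="malware"):
    """Return {feature: BNS score} over the union of all observed features."""
    pos = [f for label, f in samples if label == positive]
    neg = [f for label, f in samples if label != positive]
    if not pos or not neg:
        raise ValueError("need at least one malware and one benign sample")
    # BNS is two-sided: features typical of benign apps also score high.
    return {feat: abs(_INV(_rate(feat, pos)) - _INV(_rate(feat, neg)))
            for feat in set().union(*pos, *neg)}


def top_features(samples, k):
    """The k highest-scoring features, ties broken by name for determinism."""
    scores = bns_scores(samples)
    return sorted(scores, key=lambda f: (-scores[f], f))[:k]


if __name__ == "__main__":
    for feat, score in sorted(bns_scores(SAMPLES).items(), key=lambda kv: -kv[1]):
        print(f"{score:6.3f}  {feat}")
```

The selected top-k features would then form the binary feature vector passed to a linear SVM; a permission requested by every app in both classes, such as `perm:INTERNET` here, scores zero and is dropped.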
