FAMOUS: Forensic Analysis of MObile devices Using Scoring of application permissions

Abstract With the emergence of Android as a leading operating system in mobile devices, it becomes mandatory to develop specialized, predictive and robust security measures to provide a dependable environment for users. Extant reactive and proactive security techniques would not be enough to tackle the fast-growing security challenges in the Android environment. This paper has proposed a predictive forensic approach to detect suspicious Android applications. An in-depth study of statistical properties of permissions used by the malicious and benign Android applications has been performed. Based on the results of this study, a weighted score based feature set has been created which is used to build a predictive and lightweight malware detector for Android devices. Various experiments conducted on the aforementioned feature set, an improved accuracy level of 99% has been achieved with Random Forest classifier. This trained model has been used to build a forensic tool entitled FAMOUS (F orensic A nalysis of MO bile devices U sing S coring of application permissions) which is able to scan all the installed applications of an attached device and provide a descriptive report.

[1]  Xiangliang Zhang,et al.  Characterizing Android apps' behavior for effective detection of malapps at large scale , 2017, Future Gener. Comput. Syst..

[2]  Muttukrishnan Rajarajan,et al.  PIndroid: A novel Android malware detection system using ensemble learning , 2017 .

[3]  Chun-Ying Huang,et al.  Performance Evaluation on Permission-Based Detection for Android Malware , 2013 .

[4]  Franklin Tchakounté,et al.  Permission-based Malware Detection Mechanisms on Android: Analysis and Perspectives , 2014 .

[5]  Sheng-De Wang,et al.  Machine Learning Based Hybrid Behavior Models for Android Malware Analysis , 2015, 2015 IEEE International Conference on Software Quality, Reliability and Security.

[6]  Xingquan Zhu,et al.  Machine Learning for Android Malware Detection Using Permission and API Calls , 2013, 2013 IEEE 25th International Conference on Tools with Artificial Intelligence.

[7]  John Clemens Automatic classification of object code using machine learning , 2015, Digit. Investig..

[8]  Andrea Valdi,et al.  AndroTotal: a flexible, scalable toolbox and service for testing mobile malware detectors , 2013, SPSM '13.

[9]  Aiman Abu Samra,et al.  Analysis of Clustering Technique in Android Malware Detection , 2013, 2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing.

[10]  Florian Michahelles,et al.  Detection of Malicious Applications on Android OS , 2010, ICWF.

[11]  Igor Santos,et al.  On the automatic categorisation of android applications , 2012, 2012 IEEE Consumer Communications and Networking Conference (CCNC).

[12]  Vijay Laxmi,et al.  AndroSimilar: robust statistical feature signature for Android malware detection , 2013, SIN.

[13]  Patrick P. K. Chan,et al.  Static detection of Android malware by using permissions and API calls , 2014, 2014 International Conference on Machine Learning and Cybernetics.

[14]  Yingjiu Li,et al.  Permission based Android security: Issues and countermeasures , 2014, Comput. Secur..

[15]  Kabakus Abdullah Talha,et al.  APK Auditor: Permission-based Android malware detection system , 2015 .

[16]  Mi-Jung Choi,et al.  Analysis of Android malware detection performance using machine learning classifiers , 2013, 2013 International Conference on ICT Convergence (ICTC).

[17]  Ainuddin Wahid Abdul Wahab,et al.  A review on feature selection in mobile malware detection , 2015, Digit. Investig..

[18]  Ali Dehghantanha,et al.  Machine learning aided Android malware classification , 2017, Comput. Electr. Eng..

[19]  Gonzalo Álvarez,et al.  PUMA: Permission Usage to Detect Malware in Android , 2012, CISIS/ICEUTE/SOCO Special Sessions.

[20]  Yajin Zhou,et al.  Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[21]  Kim-Kwang Raymond Choo,et al.  Circumventing iOS security mechanisms for APT forensic investigations: A security taxonomy for cloud apps , 2018, Future Gener. Comput. Syst..

[22]  Richard E. Harang,et al.  Rapid Permissions-Based Detection and Analysis of Mobile Malware Using Random Decision Forests , 2013, MILCOM 2013 - 2013 IEEE Military Communications Conference.

[23]  William J. Buchanan,et al.  A methodology for the security evaluation within third-party Android Marketplaces , 2017, Digit. Investig..

[24]  Yang Chen,et al.  A neural network approach to category validation of Android applications , 2013, 2013 International Conference on Computing, Networking and Communications (ICNC).

[25]  Jason Nieh,et al.  A measurement study of google play , 2014, SIGMETRICS '14.

[26]  Hahn-Ming Lee,et al.  DroidMat: Android Malware Detection through Manifest and API Calls Tracing , 2012, 2012 Seventh Asia Joint Conference on Information Security.

[27]  Fabio Marturana,et al.  A Machine Learning-based Triage methodology for automated categorization of digital media , 2013, Digit. Investig..

[28]  John C. S. Lui,et al.  Droid Analytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware , 2013, 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications.

[29]  Steve Hanna,et al.  Android permissions demystified , 2011, CCS '11.

[30]  Yuval Elovici,et al.  Automated Static Code Analysis for Classifying Android Applications Using Machine Learning , 2010, 2010 International Conference on Computational Intelligence and Security.

[31]  Gaël Varoquaux,et al.  Scikit-learn: Machine Learning in Python , 2011, J. Mach. Learn. Res..

[32]  Igor Nai Fovino,et al.  A Permission verification approach for android mobile applications , 2015, Comput. Secur..

[33]  Sakir Sezer,et al.  A New Android Malware Detection Approach Using Bayesian Classification , 2013, 2013 IEEE 27th International Conference on Advanced Information Networking and Applications (AINA).

[34]  Xiangliang Zhang,et al.  Detecting Android malicious apps and categorizing benign apps with ensemble of classifiers , 2018, Future Gener. Comput. Syst..

[35]  Elisa Bertino,et al.  Detecting mobile malware threats to homeland security through static analysis , 2014, J. Netw. Comput. Appl..

[36]  Gianluca Dini,et al.  Risk analysis of Android applications: A user-centric solution , 2018, Future Gener. Comput. Syst..

[37]  Gonzalo Álvarez,et al.  MAMA: MANIFEST ANALYSIS FOR MALWARE DETECTION IN ANDROID , 2013, Cybern. Syst..

[38]  Mohammed S. Alam,et al.  Random Forest Classification for Detecting Android Malware , 2013, 2013 IEEE International Conference on Green Computing and Communications and IEEE Internet of Things and IEEE Cyber, Physical and Social Computing.

[39]  Veelasha Moonsamy,et al.  Mining permission patterns for contrasting clean and malicious android applications , 2014, Future Gener. Comput. Syst..