A New Android Malware Detection Approach Using Bayesian Classification

Mobile malware has been growing in scale and complexity as smartphone usage continues to rise. Android has surpassed other mobile platforms as the most popular whilst also witnessing a dramatic increase in malware targeting the platform. A worrying trend that is emerging is the increasing sophistication of Android malware to evade detection by traditional signature-based scanners. As such, Android app marketplaces remain at risk of hosting malicious apps that could evade detection before being downloaded by unsuspecting users. Hence, in this paper we present an effective approach to alleviate this problem based on Bayesian classification models obtained from static code analysis. The models are built from a collection of code and app characteristics that provide indicators of potential malicious activities. The models are evaluated with real malware samples in the wild and results of experiments are presented to demonstrate the effectiveness of the proposed approach.

[1]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[2]  Salvatore J. Stolfo,et al.  Data mining methods for detection of new malicious executables , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[3]  Farnam Jahanian,et al.  CloudAV: N-Version Antivirus in the Network Cloud , 2008, USENIX Security Symposium.

[4]  Chin-Hsiung Wu,et al.  A Virus Prevention Model Based on Static Analysis and Data Mining Methods , 2008, 2008 IEEE 8th International Conference on Computer and Information Technology Workshops.

[5]  Kang G. Shin,et al.  Behavioral detection of malware on mobile handsets , 2008, MobiSys '08.

[6]  Sahin Albayrak,et al.  Static Analysis of Executables for Collaborative Malware Detection on Android , 2009, 2009 IEEE International Conference on Communications.

[7]  Sahin Albayrak,et al.  Monitoring Smartphones for Anomaly Detection , 2008, Mob. Networks Appl..

[8]  Sahin Albayrak,et al.  An Android Application Sandbox system for suspicious software detection , 2010, 2010 5th International Conference on Malicious and Unwanted Software.

[9]  David A. Wagner,et al.  Analyzing inter-application communication in Android , 2011, MobiSys '11.

[10]  Simin Nadjm-Tehrani,et al.  Crowdroid: behavior-based malware detection system for Android , 2011, SPSM '11.

[11]  Sahin Albayrak,et al.  Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications , 2011, 2011 6th International Conference on Malicious and Unwanted Software.

[12]  Yajin Zhou,et al.  Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[13]  Latifur Khan,et al.  A Machine Learning Approach to Android Malware Detection , 2012, 2012 European Intelligence and Security Informatics Conference.

[14]  Michalis Faloutsos,et al.  ProfileDroid: multi-layer profiling of android applications , 2012, Mobicom '12.

[15]  Siu-Ming Yiu,et al.  DroidChecker: analyzing android applications for capability leak , 2012, WISEC '12.

[16]  Yajin Zhou,et al.  RiskRanker: scalable and accurate zero-day android malware detection , 2012, MobiSys '12.

[17]  Artem Starostin,et al.  A framework for static detection of privacy leaks in android applications , 2012, SAC '12.

[18]  K. Yi,et al.  SCANDAL : Static Analyzer for Detecting Privacy Leaks in Android Applications , 2012 .

[19]  Hao Chen,et al.  AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale , 2012, TRUST.

[20]  Axelle Apvrille,et al.  Reducing the window of opportunity for Android malware Gotta catch ’em all , 2012, Journal in Computer Virology.