Improved real-time permission based malware detection and clustering approach using model independent pruning

The popularity of Android prompts cyber-criminals to create malicious apps that can compromise the security and confidentiality of mobile systems. Analysing the permissions requested by an app is one of the methods to detect whether it is malware. However, taking all the permissions available in the Android system into account can result in a model with increased complexity. To tackle this, a malware detection system is needed that is both efficient and employable for real-time usage. In this study, a preprocessing module has been developed that comprises five different data reduction techniques to identify the minimal set of permissions. The preprocessing resulted in a ten-dimensional vector in place of 113 permissions. It is also observed that the performance of a decision tree trained with just these ten dimensions is the same as that of one trained with all 113 permissions. The proposed malware detection system achieves an accuracy of 94.3% on unknown malware samples. The system outperforms others in terms of recall, which is attributed to fewer false negative predictions. Further, it categorises the malware samples into 45 families using a clustering approach. An Android application has also been developed using the built model for real-time usage.

Inspec keywords: decision trees; data reduction; pattern clustering; mobile computing; computer crime; real-time systems; Android (operating system); invasive software

Other keywords: real-time usage; cyber-criminals; unknown malware samples; mobile system security; Android system; Android application; decision tree; mobile system confidentiality; improved real-time permission; preprocessing module; clustering approach; model independent pruning; malicious apps; malware detection system; data reduction techniques

Subjects: Data security; Mobile, ubiquitous and pervasive computing; Combinatorial mathematics

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2019.0418