Exploring Permission-Induced Risk in Android Applications for Malicious Application Detection

Wang, Wei; Wang, Xing; Feng, Dawei; Liu, Jiqiang; Han, Zhen; Zhang, Xiangliang

doi:10.1109/tifs.2014.2353996

Cited by 310 publications

(164 citation statements)

References 22 publications

(19 reference statements)

Supporting

Mentioning

154

Contrasting

Unclassified

Order By: Relevance

“…In this point it should be noted that none of the related works identify the most relevant features that should be used as input to ML. The only work that select the dominant features is proposed in [16], nevertheless, they focus only on permissions.…”

Section: Resultsmentioning

confidence: 99%

“…For instance how the size of malware subset influence the accuracy. Although some of the related works (i.e., Safedroid [13,16], etc.) report accuracy up to 99%, we believe that our approach, relying on statistical features, can be an alternative option for detecting malware on Android.…”

Section: Resultsmentioning

confidence: 99%

“…In this setup, authors demonstrate for SVM accuracy up to 95%, while for the remaining classifiers the accuracy levels are 88.6% for C4.5, 91,6% for JRip, 82.5 for Naive Bayes (NB). Permission risk rank solution introduced in [16] studies to what extend Android malware can be detected based on the permission they define in app's manifest. To do so authors first select the riskiest permission set (i.e.,, the most relevant from a statistical point of view) by employing statistical techniques such as T-test, and Principal Component Analysis (PCA) and secondly evaluate ML classifiers using the riskiest permission.…”

Section: Permissionsmentioning

confidence: 99%

See 2 more Smart Citations

Towards a Mobile Malware Detection Framework with the Support of Machine Learning

Geneiatakis

Baldini

Fovino

et al. 2018

Communications in Computer and Information Science

View full text Add to dashboard Cite

Abstract. Several policies initiatives around the digital economy stress on one side the centrality of smartphones and mobile applications, and on the other call for attention on the threats to which this ecosystem is exposed to. Lately, a plethora of related works rely on machine learning algorithms to classify whether an application is malware or not, using data that can be extracted from the application itself with high accuracy. However, different parameters can influence machine learning effectiveness. Thus, in this paper we focus on validating the efficiency of such approaches in detecting malware for Android platform, and identifying the optimal characteristics that should be consolidated in any similar approach. To do so, we built a machine learning solution based on features that can be extracted by static analysis of any Android application, such as activities, services, broadcasts, receivers, intent categories, APIs, and permissions. The extracted features are analyzed using statistical analysis and machine learning algorithms. The performance of different sets of features are investigated and compared. The analysis shows that under an optimal configuration an accuracy up to 97% can be obtained.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Section: Permissionsmentioning

confidence: 99%

See 1 more Smart Citation

Towards a Mobile Malware Detection Framework with the Support of Machine Learning

Geneiatakis

Baldini

Fovino

et al. 2018

Communications in Computer and Information Science

View full text Add to dashboard Cite

show abstract

“…These algorithms are applied to many fields of machine learning because of being simple and efficient [32,33]. At the same time, the method this paper proposed is compared with the method proposed by Wang [34] and Sato [12]. Wang [34] detected the malware by building different information models from Android permission.…”

Section: Results Contrastmentioning

confidence: 99%

“…At the same time, the method this paper proposed is compared with the method proposed by Wang [34] and Sato [12]. Wang [34] detected the malware by building different information models from Android permission. Sato [12] extracts permission, intent filter (action), intent filter (category) and process name from the AndroidManifest.xml file as the basis of classification, and uses the J48 decision tree to detect the Android malware.…”

Section: Results Contrastmentioning

confidence: 99%

An Android Malicious Code Detection Method Based on Improved DCA Algorithm

Wang

Gong

et al. 2017

Entropy

View full text Add to dashboard Cite

Abstract:Recently, Android malicious code has increased dramatically and the technology of reinforcement is increasingly powerful. Due to the development of code obfuscation and polymorphic deformation technology, the current Android malicious code static detection method whose feature selected is the semantic of application source code can not completely extract malware's code features. The Android malware static detection methods whose features used are only obtained from the AndroidManifest.xml file are easily affected by useless permissions. Therefore, there are some limitations in current Android malware static detection methods. The current Android malware dynamic detection algorithm is mostly required to customize the system or needs system root permissions. Based on the Dendritic Cell Algorithm (DCA), this paper proposes an Android malware algorithm that has a higher detection rate, does not need to modify the system, and reduces the impact of code obfuscation to a certain degree. This algorithm is applied to an Android malware detection method based on oriented Dalvik disassembly sequence and application interface (API) calling sequence. Through the designed experiments, the effectiveness of this method is verified for the detection of Android malware.

show abstract

Identification of Android malware using refined system calls

Deepa

Radhamani²,

Vinod

et al. 2019

Concurrency and Computation

View full text Add to dashboard Cite

The ever increasing number of Android malware has always been a concern for cybersecurity professionals. Even though plenty of anti-malware solutions exist, we hypothesize that the performance of existing approaches can be improved by deriving relevant attributes through effective feature selection methods. In this paper, we propose a novel two-step feature selection approach based on Rough Set and Statistical Test named as RSST to extract refined system calls, which can effectively discriminate malware from benign apps. By refined set of system call, we mean the existence of highly relevant calls that are uniformly distributed thought target classes. Moreover, an optimal attribute set is created, which is devoid of redundant system calls.To address the problem of higher dimensional attribute set, we derived suboptimal system call space by applying the proposed feature selection method to maximize the separability between malware and benign samples. Comprehensive experiments conducted on three datasets resulted in an accuracy of 99.9%, Area Under Curve (AUC) of 1.0, with 1% False Positive Rate (FPR).However, other feature selectors (Information Gain, CFsSubsetEval, ChiSquare, FreqSel, and Symmetric Uncertainty) used in the domain of malware analysis resulted in the accuracy of 95.5% with 8.5% FPR. Moreover, the empirical analysis of RSST derived system calls outperformed other attributes such as permissions, opcodes, API, methods, call graphs, Droidbox attributes, and network traces.

show abstract

Exploring Permission-Induced Risk in Android Applications for Malicious Application Detection

Cited by 310 publications

References 22 publications

Towards a Mobile Malware Detection Framework with the Support of Machine Learning

Towards a Mobile Malware Detection Framework with the Support of Machine Learning

An Android Malicious Code Detection Method Based on Improved DCA Algorithm

Identification of Android malware using refined system calls

Contact Info

Product

Resources

About