Mining permission patterns for contrasting clean and malicious android applications

Moonsamy, Veelasha; Rong, Jia; Liu, Shaowu

doi:10.1016/j.future.2013.09.014

Cited by 94 publications

(39 citation statements)

References 23 publications

(33 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, according to Moonsamy et al [24], there are requested permissions as well as required permissions. It is possible that actual permissions used by applications are different from the requested permissions that is sent to the user for approval.…”

Section: Data Collection and Analysismentioning

confidence: 99%

“…Numerous studies simply extracted permissions and utilized machine learning to detect malicious application, [45], [46], [47], [48]. Researchers in [49], [50] argue that merely analyzing requested permissions is not sufficient for detecting malicious applications. They analyzed used permissions in addition to requested permissions in order to detect malware.…”

Section: Effectivenessmentioning

confidence: 99%

See 1 more Smart Citation

AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection

Feizollah

Anuar

Salleh

et al. 2017

Computers & Security

209

View full text Add to dashboard Cite

The wide popularity of Android systems has been accompanied by increase in the number of malware targeting these systems. This is largely due to the open nature of the Android framework that facilitates the incorporation of third-party applications running on top of any Android device. Inter-process communication is one of the most notable features of the Android framework as it allows the reuse of components across process boundaries. This mechanism is used as gateway to access different sensitive services in the Android framework. In the Android platform, this communication system is usually driven by a late runtime binding messaging object known as Intent. In this paper, we evaluate the effectiveness of Android Intents (explicit and implicit) as a distinguishing feature for identifying malicious applications. We show that Intents are semantically rich features that are able to encode the intentions of malware when compared to other well-studied features such as permissions. We also argue that this type of feature is not the ultimate solution. It should be used in conjunction with other known features. We conducted experiments using a dataset containing 7,406 applications that comprise of 1,846 clean and 5,560 infected applications. The results show detection rate of 91% using Android Intent against 83% using Android permission. Additionally, experiment on combination of both features results in detection rate of 95.5%.

show abstract

Section: Data Collection and Analysismentioning

confidence: 99%

Section: Effectivenessmentioning

confidence: 99%

AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection

Feizollah

Anuar

Salleh

et al. 2017

Computers & Security

209

View full text Add to dashboard Cite

show abstract

“…It is worth noted that a mix of variety static features types was used in the studied works. For example, in some works, a mapping between API calls and requested permissions has been used to avoid permission-over privileged such as in [93,94]. Moreover, in [95], the permissions have been used with some app metadata like app's price, a number of downloads, user rating, and app description to distinguish the benign form malware apps.…”

Section: Semantic Featuresmentioning

confidence: 99%

“…Generally, the benign-ware dataset in most of the studied works such as [33,51,54,61,67,71,[85][86][87][88][89]125] was collected from the official Android app market (Google Play). In some other works, the benign dataset has been collected from the third-party markets such as in [49,94,126,127]. And in some other works, a benign dataset that includes apps from each of the official and third-party markets has been used such as in [50,128,129].…”

Section: Benign Datasetmentioning

confidence: 99%

The Android malware detection systems between hope and reality

2019

View full text Add to dashboard Cite

The widespread use of Android-based smartphones made it an important target for malicious applications' developers. So, a large number of frameworks have been proposed to tackle the huge number of daily published malwares. Despite there are many review papers that have been conducted in order to shed light on the works that achieved in Android malware analysing domain, the number of conducted review papers do not fit with the importance of this research field and with the volume of achieved works. Also, there is no comprehensive taxonomy for all research trends in the field of analysing malicious applications targeting the Android system. Furthermore, none of the existing review papers contains a schematic model that makes it easy for the reader to know the methods and methodologies used in a particular field of research without much effort. This paper aims at proposing a comprehensive taxonomy and suggesting a new schematic review approach. To this end, a review of a large number of works that achieved between 2009 and 2019 has been conducted. The achieved study includes more than 200 papers that have different goals such as apps' behaviour analysis, automatic user interface triggers or packer/unpacker frameworks development. Also, a comprehensive taxonomy has been proposed so that most of the previous works can be classified under it. To the best of our knowledge, the suggested taxonomy is the widest and the most comprehensive in terms of the covered research trends. Moreover, we have proposed a detailed schematic model (called Schematic Review Model) illustrates the process of detecting the malignant applications of an Android in the light of the studied works and the proposed taxonomy. To our knowledge, this is the first time that the Android malware detection methods have been explained in this way with this amount of detail. Furthermore, the studied researches have been analysed according to multiple criteria such as used analysing method, used features, used detection method, and used dataset. Also, the features used in the studied works were discussed in detail by dividing it into multiple classes. Moreover, the challenges facing Android's malware analysing methods were discussed in detail. Finally, it has been concluded that there are gaps between the size and the goal of the conducted works and the number of malicious apps published every day, so some future works areas have been proposed and discussed.

show abstract

“…Moonsamy ve ark. [8] izinlere teker teker bakmak yerine birlikte kullanımlarına göre gruplamaya çalışmış, ve bu yaklaşım üzerinden tespit için algoritma geliştirmişlerdir.…”

Section: öNceki̇ çAlişmalarunclassified

Mobile malware classification based on permission data

Egemen

Inal

Lévi

2015

2015 23nd Signal Processing and Communications Applications Conference (SIU)

View full text Add to dashboard Cite

Özetçe-Mobil cihazların günümüzdeki yaygınılığı, bu cihazların güvenliğiyle ilgili konuların önem kazanmasına neden olmuştur. En yaygın olarak kullanılan mobil işletim sistemlerinden biri olan Android işletim sistemi, aynı zamanda üçüncü parti uygulamalarla birlikte kötücül uygulamalar tarafından en çok hedef alınan mobil işletim sistemidir. Bu bildiride, Android işletim sistemini hedef alan kötücül uygulamaların tespiti için bir makine öğrenmesi yöntemi olan sınıflandırma kullanılarak, öznitelik olarak uygulama izinlerini temel alan bir yöntem geliştirilmiştir. 5271 kötücül, 5097 iyi amaçlı uygulamadan oluşan veri kümesi üzerinde yapılan öğrenme ve test işlemleri sonucunda, Random Forest yöntemi ile uygulamaların sınıflandırılmasında %98 performans elde edilmiştir. Bu çalışma ile sadece uygulama izinlerine dayalı bir sistemle bile kötücül yazılım sınıflandırma başarımının ne kadar yükseltilebileceği özellikle vurgulanmıştır. Anahtar Kelimeler -android; mobil; izinler; makine öğrenmesi; sınıflandırma; kötücül uygulamaAbstract-The prevalence of mobile devices in today's world caused the security of these devices questioned more frequently than ever. Android, as one of the most widely used mobile operating systems, is the most likely target for malwares through third party applications. In this work, a method has been devised to detect malwares that target Android platform, by using classification based machine learning. In this study, we use permissions of applications as the features. After the training and test steps on the dataset consisting 5271 malwares and 5097 goodwares, we conclude that Random Forest classification results in 98% performance on the classification of applications. This work emphasizes how much mobile malware classification result can be improved by a system using only the permissions data.

show abstract

Mining permission patterns for contrasting clean and malicious android applications

Cited by 94 publications

References 23 publications

AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection

AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection

The Android malware detection systems between hope and reality

Mobile malware classification based on permission data

Contact Info

Product

Resources

About