A Machine Learning Approach to Anomaly-Based Detection on Android Platforms
Abstract
The emergence of mobile platforms with increased storage and computing capabilities, and the pervasive use of these platforms for sensitive applications such as online banking, e-commerce and the storage of sensitive information, have increased the danger posed by malware targeting these devices. Detecting such malware presents unique challenges, as the signature-based detection techniques available today are becoming inefficient at detecting new and unknown malware. In this research, a machine learning approach for the detection of malware on Android platforms is presented. The detection system monitors and extracts features from applications while they execute and uses them to perform in-device detection using a trained K-Nearest Neighbour classifier. Results show high performance in the detection rate of the classifier, with an accuracy of 93.75%, a low error rate of 6.25% and a low false positive rate, with the ability to detect real Android malware.