Investigating Android permissions and intents for malware detection

An Android Malware Detection Framework-based on Permissions and Intents

Defence Science Journal, 2016

With an exponential growth in smartphone applications targeting useful services such as banks, healthcare, m-commerce, security has become a primary concern. The applications downloaded from unofficial sources pose a security threat as they lack mechanisms for validation of the applications. The malware infected applications may lead to several threats such as leaking user’s private information, enforcing malicious deductions for sending premium SMS, getting root privilege of the android system and so on. Existing anti-viruses depend on signature databases that need to be updated from time to time and are unable to detect zero-day malware. The Android Operating system allows inter-application communication through the use of component reuse by using intents. Unfortunately, message passing is also an application attack surface. A hybrid method for android malware detection by analysing the permissions and intent-filters of the manifest files of the applications is presented. A malwar...

Permission-Based Android Malware Detection

International Journal of Scientific & Technology Research, 2013

Mobile devices have become popular in our lives since they offer almost the same functionality as personal computers. Among them, Android-based mobile devices had appeared lately and, they were now an ideal target for attackers. Android-based smartphone users can get free applications from Android Application Market. But, these applications were not certified by legitimate organizations and they may contain malware applications that can steal privacy information for users. In this paper, a framework that can detect android malware applications is proposed to help organizing Android Market. The proposed framework intends to develop a machine learning-based malware detection system on Android to detect malware applications and to enhance security and privacy of smartphone users. This system monitors various permission-based features and events obtained from the android applications, and analyses these features by using machine learning classifiers to classify whether the application i...

IMIAD: Intelligent Malware Identification for Android Platform

2019 International Conference on Computer and Information Sciences (ICCIS), 2019

Android malware applications and their detection have been under study by security experts for quite some time, but it gained special attention since the ever-growing use of smartphones. Normally, two methods have been commonly used for their identification. One, in which the code and information flow are analyzed is called the static analysis, whereas, in dynamic analysis, malware behaviour is observed at runtime (by executing it in a sandbox environment). It has been observed that both techniques when used separately, fail to identify all the malware, and, an analysis based on this, fail to achieve good accuracy. There is a need to make use of both these strategies for malware identification, so, if any malignant application identification fails during the static analysis, it gets caught during the dynamic one. Though researchers have used a combination of these two approaches and proposed different malware detection strategies, however, to the best of our knowledge none of them has examined the consent model associated with the applications intent in combination with others. Keeping this observation in mind, our proposed technique is a hybrid approach, based on applications intent, its permissions, static and dynamic data. Our supervised learning-based approach results have shown m 96% accuracy in detecting malware applications using gradient boosting classifier

Machine Learning-Based Android Malware Detection Using Manifest Permissions

Proceedings of the Annual Hawaii International Conference on System Sciences, 2021

The Android operating system is currently the most prevalent mobile device operating system holding roughly 54 percent of the total global market share. Due to Android's substantial presence, it has gained the attention of those with malicious intent, namely, malware authors. As such, there exists a need for validating and improving current malware detection techniques. Automated detection methods such as anti-virus programs are critical in protecting the wide variety of Android-powered mobile devices on the market. This research investigates effectiveness of four different machine learning algorithms in conjunction with features selected from Android manifest file permissions to classify applications as malicious or benign. Case study results, on a test set consisting of 5,243 samples, produce accuracy, recall, and precision rates above 80%. Of the considered algorithms (Random Forest, Support Vector Machine, Gaussian Naïve Bayes, and K-Means), Random Forest performed the best with 82.5% precision and 81.5% accuracy. In recent years, Android-powered devices have become increasingly targeted due in part to their increased use for business and financial tasks. Apps now routinely process sensitive financial and personal information as part of mobile banking, social media, and communication programs. Norton Anti-virus (AV) defines malware as "software that is specifically designed to gain access to or damage a computer, usually without the knowledge of the owner" [3]. Norton further delineates types of malware as spyware, ransomware, viruses, worms, Trojan horses, and adware. In 2017, Kaspersky Labs reported the detection of 5,730,916 malicious installation packages, 94,368 mobile banking Trojans, and 544,107 mobile ransomware Trojans [4]. As such, it can be said that there exists a strong need for accurate and reliable commercial anti-virus (AV) tools in the Android environment and that malware in mobile devices can be a substantial threat [5].
While academicians are interested in detecting malicious activity [17,30-31], opportunities abound to improve Android malware detection accuracy in commercial AV. Zhou and Jiang [7] evaluated Android malware detection using the following antivirus programs: AVG Antivirus Free v2.9 (AVG), Lookout Security & Antivirus v6.9 (or Lookout), Norton Mobile Security Lite v2.5.0.379 (Norton), and TrendMicro Mobile Security Personal Edition v2.0.0.1294 (TrendMicro). The anti-virus programs were used to scan separate devices afflicted with 1,260 samples of malware. Of the 1,260 samples, AVG was able to detect 689 samples (54.7%), Lookout 1,003 samples (79.6%), Norton 254 samples

Permission-based Malware Detection Mechanisms on Android: Analysis and Perspectives

Android security has been built upon a permission-based mechanism which restricts accesses of third-party Android applications to critical resources on an Android device. The user must accept the set of permissions an application requires, before proceeding the installation. This process aims to inform the users of the risk of installing and using an application on their device; but most often, even when the permission system is well understood, users are not aware enough of the threat endangered, and trust either the application store or the popularity of the application, and accept the installation without trying to analyse the intentions of the developer. Increasingly, one develops approaches aiming to characterise malware with the permissions, either individually or associatively, with machine learning classifiers. The objective in this paper is to investigate in the literature mechanisms for the characterisation and detection of malware based on the previous aspects. For that, we illustrate and describe limitations of existing works and promising considerations for future research.

Reduced Permissions Schema for Malware Detection in Android Smartphones

Day after day the dependence on smart devices is increasing, especially smart phones. As, smartphone is not just a phone device but also it is smart TV, GPS, smart camera and tablets, with expansion in the use of mobile in critical tasks such as online banking services, business transactions, and storing critical information such as credit cards, passwords and personal data, the malware's attacks are increased. Most of current malware detection solutions for mobile devices can detect known malware but cannot detect newfangled malware and other malware detection techniques depend on monitoring the behavior of the malware but the monitoring on the Smartphone can be a very heavy consuming task. Hence, there is a need to develop a mobile malware detection that can provide an effective solution to protect the mobile user from any malware and at the same time address the limitation of mobile devices environment. In this paper we focused on extracted android system permissions from android applications .apk files. The research focused in reducing the number of android permissions to be used as features for machine learning classifier to detect android malware application.

Detecting Malware by Analyzing App Permissions on Android Platform: A Systematic Literature Review

Sensors

Smartphone adaptation in society has been progressing at a very high speed. Having the ability to run on a vast variety of devices, much of the user base possesses an Android phone. Its popularity and flexibility have played a major role in making it a target of different attacks via malware, causing loss to users, both financially and from a privacy perspective. Different malware and their variants are emerging every day, making it a huge challenge to come up with detection and preventive methodologies and tools. Research has spawned in various directions to yield effective malware detection mechanisms. Since malware can adopt different ways to attack and hide, accurate analysis is the key to detecting them. Like any usual mobile app, malware requires permission to take action and use device resources. There are 235 total permissions that the Android app can request on a device. Malware takes advantage of this to request unnecessary permissions, which would enable those to take mal...

IJERT-Momentous Permission Identification for Android Apps Malware Detection

International Journal of Engineering Research and Technology (IJERT), 2020

https://www.ijert.org/momentous-permission-identification-for-android-apps-malware-detection
https://www.ijert.org/research/momentous-permission-identification-for-android-apps-malware-detection-IJERTCONV8IS09003.pdf

The project titled "Momentous Permission Identification for Android Apps Malware Detection" Unlike other competing smart-mobile device platforms, such as iOS, Android allows users to install applications from unverified sources such as third-party app stores and file-sharing websites. The malware infection issue has been so serious that a recent report indicates that 97% of all mobile malware target Android devices. To address the elevating security concerns, researchers and analysts have used various approaches to develop Android malware detection tools. So a scalable malware detection approach is required that effectively and efficiently identifies malwares. Various malware detection tools have been developed, including system-level and network level approaches. However, scaling the detection for a large bundle of apps remains a challenging task. So this project introduces Significant Permission IDentification (SigPID), a malware detection system based on permission usage analysis to cope with the rapid increase in the number of Android malware. Instead of extracting and analyzing all Android permissions, this project develops three levels of pruning by mining the permission data to identify the most significant permissions that can be effective in distinguishing between benign and malicious apps. Then it utilizes machine-learning-based classification methods to classify different families of malware and benign apps. This project identifies dangerous permission list, benign permission list and reduce non-sensitive permissions and apply SVM classification on the new data set.

Permission Based Malware Detection Analysis in Android Applications

Uğur Pehlivan, September 2014. A Thesis Submitted to the Graduate School of Informatics of Middle East Technical University by Uğur Pehlivan in Partial Fulfillmen

2014

Android mobile devices have developed very fast in past decade and have been very widespread in all over the world. Nowadays, several applications are available on application markets. The number of android applications also increases with the increase in the variety of applications. Those applications may become very dangerous for the users of android mobile devices because of fast development and wide variety of applications. Some applications may have the malicious activities such as novelty and amusement, selling user information and stealing user credentials etc. For this reason, the detection of malicious android applications has become very important in recent years for the security of mobile device's users. In this study, the permissions required for the installation and running processes of android applications were analyzed to determine best performing feature selection methods and classification algorithms which are used for detecting the malicious applications in android mobile devices. 4 feature selection methods consisted of attribute based and subset based selection methods used to reduce the number of attributes and to increase the performance of classification algorithms. The classification algorithms were chosen from the Bayesian, decision tree and SVM classification algorithms in order to compare the performance of different type of classification algorithms. Moreover, the effect of dataset size was investigated to measure the performance of classification algorithms. The permissions are also analyzed in accordance with their presence in the malicious applications by using the clustering analysis.

A Hierarchical Approach for Android Malware Detection Using Authorization-Sensitive Features

Electronics

Android’s openness has made it a favorite for consumers and developers alike, driving strong app consumption growth. Meanwhile, its popularity also attracts attackers’ attention. Android malware is continually raising issues for the user’s privacy and security. Hence, it is of great practical value to develop a scientific and versatile system for Android malware detection. This paper presents a hierarchical approach to design a malware detection system for Android. It extracts four authorization-sensitive features: basic blocks, permissions, Application Programming Interfaces (APIs), and key functions, and layer-by-layer detects malware based on the similar module and the proposed deep learning model Convolutional Neural Network and eXtreme Gradient Boosting (CNNXGB). This detection approach focuses not only on classification but also on the details of the similarities between malware software. We serialize the key function in light of the sequence of API calls and pick up a similar...