Abstract
The meteoric growth of the Android mobile platform has made it a main target of cyber-criminals. Mobile malware specifically targeting Android has surged and grown in tandem with the rising popularity of the platform [3, 5, 4, 6]. In response, the onus is on defenders to increase the difficulty of malware development to curb its rampant growth, and to devise effective detection mechanisms specifically targeting Android malware in order to better protect end-users.
In this paper, we address the following question: do malicious applications on Android request predictably different permissions than legitimate applications? Based on analysis of 2950 samples of benign and malicious Android applications, we propose a novel Android malware detection technique called Permission-based Malware Detection Systems (PMDS). In PMDS, we view requested permissions as behavioral markers and build a machine learning classifier on those markers to automatically identify potentially harmful behavior in unseen applications, based on the combination of permissions they require. By design, PMDS has the potential to detect previously unknown, zero-day or next-generation malware. If attackers adapt and request fewer permissions, PMDS will have impeded the simple strategies by which malware developers currently abuse their victims.
Experimental results show that PMDS detects more than 92–94% of previously unseen malware with a false positive rate of 1.52–3.93%.
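The idea in the abstract, requested permissions turned into binary features for a classifier, can be sketched as follows. This is an added example, not code from the paper: it assumes the manifest has already been decoded to text XML, uses a Bernoulli naive Bayes learner as a stand-in (the abstract does not name the learner), and trains on a constructed toy set; `PermissionNB`, `pset`, `TRAIN` and `SAMPLE_MANIFEST` are hypothetical names.

```python
import math
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

def requested_permissions(manifest_xml):
    """Permission names from <uses-permission> in a decoded (text) manifest."""
    root = ET.fromstring(manifest_xml)
    names = (e.get(ANDROID_NS + "name") for e in root.iter("uses-permission"))
    return {n for n in names if n}

class PermissionNB:
    """Bernoulli naive Bayes over binary permission features (Laplace-smoothed)."""
    def fit(self, samples):                  # samples: [(permission_set, label)]
        self.vocab = sorted(set().union(*(p for p, _ in samples)))
        self.labels = sorted({y for _, y in samples})
        self.prior, self.p_on = {}, {}
        for y in self.labels:
            rows = [p for p, lab in samples if lab == y]
            self.prior[y] = len(rows) / len(samples)
            self.p_on[y] = {f: (sum(f in r for r in rows) + 1) / (len(rows) + 2)
                            for f in self.vocab}
        return self

    def log_scores(self, perms):
        # Permissions never seen in training are outside the vocabulary: ignored.
        return {y: math.log(self.prior[y]) + sum(
                    math.log(self.p_on[y][f] if f in perms else 1 - self.p_on[y][f])
                    for f in self.vocab)
                for y in self.labels}

    def predict(self, perms):
        scores = self.log_scores(perms)
        return max(scores, key=scores.get)

def pset(*short):
    return {P + s for s in short}

# Constructed toy training set (assumption); not the paper's 2950-sample corpus.
TRAIN = [(pset("INTERNET"), "benign"),
         (pset("INTERNET", "ACCESS_NETWORK_STATE"), "benign"),
         (pset("CAMERA", "WRITE_EXTERNAL_STORAGE"), "benign"),
         (pset("INTERNET", "ACCESS_FINE_LOCATION"), "benign"),
         (pset("INTERNET", "SEND_SMS", "READ_PHONE_STATE"), "malware"),
         (pset("SEND_SMS", "RECEIVE_SMS", "READ_CONTACTS", "INTERNET"), "malware"),
         (pset("READ_PHONE_STATE", "SEND_SMS", "RECEIVE_BOOT_COMPLETED"), "malware"),
         (pset("INTERNET", "READ_SMS", "SEND_SMS"), "malware")]
MODEL = PermissionNB().fit(TRAIN)

# Constructed manifest, including one permission absent from the training set.
SAMPLE_MANIFEST = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
    + "".join(f'<uses-permission android:name="{n}"/>' for n in sorted(
        pset("INTERNET", "SEND_SMS", "READ_PHONE_STATE") | {"com.example.UNKNOWN"}))
    + "</manifest>")
```

Because the features are only the permissions seen in training, an application requesting a custom or new permission is scored on the rest of its vector, which is the property that lets this kind of model rate previously unseen samples.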
References
The International Telecommunication Union. The World in 2014: ICT Facts and Figures (2014), http://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2014-e.pdf
Gartner Forecast: PCs, Ultramobiles, and Mobile Phones, Worldwide, 2011-2018, 2Q 2014 (2014), http://www.gartner.com/document/2780117
Svajcer, V.: Sophos Mobile Security Threat Report (2014)
Panda Security: Annual Report PandaLabs 2013 (2013), http://press.pandasecurity.com/wp-content/uploads/2010/05/Quarterly-Report-PandaLabs-April-June-2013.pdf
F-Secure: F-Secure Mobile Threat Report Q3 2013 (2013), http://www.f-secure.com/static/doc/labs_global/Research/Mobile_Threat_Report_Q3_2013.pdf
G Data SecurityLabs: G Data Mobile Malware Report H2 2013 (2013), https://blog.gdatasoftware.com/uploads/media/GData_MobileMWR_H2_2013_EN.pdf
Strategy Analytics: Global Smartphone Installed Base by Operating System for 88 Countries: 2007 to 2017 (2012), http://www.strategyanalytics.com/default.aspx?mod=reportabstractviewer&a0=7834
IDC: More Smartphones Were Shipped in Q1 2013 Than Feature Phones, An Industry First According to IDC (2013), http://www.idc.com/getdoc.jsp?containerId=prUS24085413
Leavitt, N.: Malicious code moves to mobile devices. IEEE Computer 33(12), 16–19 (2000)
Foley, S.N., Dumigan, R.: Are handheld viruses a significant threat? Communications of the ACM 44(1), 105–107 (2001)
Dagon, D., Martin, T., Starner, T.: Mobile Phones as Computing Devices: The Viruses are Coming! IEEE Pervasive Computing 3(4), 11–15 (2004)
Hypponen, M.: State of cell phone malware in 2007. USENIX (2007), http://www.usenix.org/events/sec07/tech/hypponen.pdf
Lawton, G.: Is it finally time to worry about mobile malware? Computer 41(5), 12–14 (2008)
Zhou, Y., Jiang, X.: Dissecting Android Malware: Characterization and Evolution. In: IEEE Symposium on Security and Privacy (SP), pp. 95–109. IEEE (2012), http://www.malgenomeproject.org
Spreitzenbarth, M., Freiling, F.: Android Malware on the Rise. University of Erlangen, Germany, Tech. Rep. CS-2012-04 (2012)
Huang, C.-Y., Tsai, Y.-T., Hsu, C.-H.: Performance evaluation on permission-based detection for android malware. In: Pan, J.-S., Yang, C.-N., Lin, C.-C. (eds.) Advances in Intelligent Systems & Applications. SIST, vol. 21, pp. 111–120. Springer, Heidelberg (2012)
Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In: Proceedings of the 19th Annual Network and Distributed System Security Symposium (2012)
Chen, K., Liu, P., Zhang, Y.: Achieving accuracy and scalability simultaneously in detecting application clones on Android markets. In: Proceedings of the 36th International Conference on Software Engineering, ICSE 2014, pp. 175–186. ACM, New York (2014)
Crussell, J., Gibler, C., Chen, H.: Attack of the clones: Detecting cloned applications on android markets. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 37–54. Springer, Heidelberg (2012)
Zhou, W., Zhou, Y., Jiang, X., Ning, P.: Detecting repackaged smartphone applications in third-party Android marketplaces. In: Proceedings of the Second ACM Conference on Data and Application Security and Privacy, CODASPY 2012, pp. 317–326. ACM, New York (2012)
Sarma, B.P., Li, N., Gates, C., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Android permissions: a perspective combining risks and benefits. In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, pp. 13–22. ACM (2012)
Zhang, Y., Yang, M., Xu, B., Yang, Z., Gu, G., Ning, P., Wang, X.S., Zang, B.: Vetting undesirable behaviors in android apps with permission use analysis. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. ACM (2013)
Siddiqui, M., Wang, M.C., Lee, J.: A Survey of Data Mining Techniques for Malware Detection using File Features. In: Proceedings of the 46th Annual Southeast Regional Conference on XX, pp. 509–510. ACM (2008)
Ye, Y., Wang, D., Li, T., Ye, D.: IMDS: Intelligent Malware Detection System. In: Proceedings of the 13th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1043–1047. ACM (2007)
Schultz, M.G., Eskin, E., Zadok, F., Stolfo, S.J.: Data Mining Methods for Detection of New Malicious Executables. In: IEEE Symposium on Security and Privacy (SP), pp. 38–49. IEEE (2001)
Kolter, J.Z., Maloof, M.A.: Learning to Detect and Classify Malicious Executables in the Wild. The Journal of Machine Learning Research 7, 2721–2744 (2006), JMLR.org
Tabish, S.M., Shafiq, M.Z., Farooq, M.: Malware Detection using Statistical Analysis of Byte-Level File Content. In: Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics, pp. 23–31. ACM (2009)
Kiem, H., Thuy, N.T., Quang, T.M.N.: A Machine Learning Approach to Anti-virus System. In: Proceedings of Joint Workshop of Vietnamese Society of AI, SIGKBS-JSAI, ICS-IPSJ and IEICE-SIGAI on Active Mining, Hanoi-Vietnam, pp. 61–65 (2004)
Firdausi, I., Lim, C., Erwin, A., Nugroho, A.S.: Analysis of machine learning techniques used in behavior-based malware detection. In: Second International Conference on Advances in Computing, Control and Telecommunication Technologies (ACT), pp. 201–203. IEEE (2010)
Dua, S., Du, X.: Data mining and machine learning in cybersecurity. Taylor & Francis (2011)
Cohen, W.W.: Fast effective rule induction. In: ICML, vol. 95, pp. 115–123 (1995)
Quinlan, J.R.: C4.5: programs for machine learning, vol. 1. Morgan Kaufmann (1993)
Holmes, G., Donkin, A., Witten, I.H.: Weka: A machine learning workbench. In: Proceedings of the Second Australian and New Zealand Conference on Intelligent Information Systems, pp. 357–361. IEEE (1994)
Witten, I.H., Frank, E.: Data Mining: Practical machine learning tools and techniques. Morgan Kaufmann (2005)
Cleary, J.G., Trigg, L.E.: K*: An Instance-based Learner Using an Entropic Distance Measure. In: ICML, pp. 108–114 (1995)
John, G.H., Langley, P.: Estimating continuous distributions in Bayesian classifiers. In: Proceedings of the Eleventh Conference on Uncertainty in Artificial Intelligence, pp. 338–345. Morgan Kaufmann (1995)
Freund, Y., Schapire, R.E.: A decision-theoretic generalization of on-line learning and an application to boosting. In: Vitányi, P.M.B. (ed.) EuroCOLT 1995. LNCS, vol. 904, pp. 23–37. Springer, Heidelberg (1995)
The Android Open Source Project: Application Fundamentals, http://developer.android.com/guide/components/fundamentals.html
The Android Open Source Project: System Permissions, http://developer.android.com/guide/topics/security/permissions.html
The Android Open Source Project: App Manifest, http://developer.android.com/guide/topics/manifest/manifest-intro.html
The Android Open Source Project: Android Permissions, http://developer.android.com/guide/topics/security/permissions.html
The Android Open Source Project: PackageManager, http://developer.android.com/reference/android/content/pm/PackageManager.html
The University of Waikato: Attribute-Relation File Format (ARFF), http://www.cs.waikato.ac.nz/ml/weka/arff.html
The University of Waikato: ARFF, http://weka.wikispaces.com/ARFF
Mila: Contagio Mobile, http://contagiominidump.blogspot.it
Google: Google Play Store, https://play.google.com/store
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Rovelli, P., Vigfússon, Ý. (2014). PMDS: Permission-Based Malware Detection System. In: Prakash, A., Shyamasundar, R. (eds) Information Systems Security. ICISS 2014. Lecture Notes in Computer Science, vol 8880. Springer, Cham. https://doi.org/10.1007/978-3-319-13841-1_19
DOI: https://doi.org/10.1007/978-3-319-13841-1_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-13840-4
Online ISBN: 978-3-319-13841-1
eBook Packages: Computer Science, Computer Science (R0)