On the Efficacy of Static Features to Detect Malicious Applications in Android

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2015)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 9264)

Abstract

The Android OS environment is increasingly targeted by malware. Traditional signature-based detection algorithms cannot provide complete protection, especially against malware created ad hoc. In this paper, we present a feasibility analysis for enhancing the detection accuracy of Android malware detection approaches that rely on machine learning classifiers and Android applications’ static features. Specifically, our study builds on machine learning classifiers operating over different fusion rules on Android applications’ permissions and APIs. We analyse the performance of different configurations in terms of the false-alarm tradeoff. Results demonstrate that malware detection accuracy could be enhanced if detection approaches introduce additional fusion rules, e.g., the squared average score over the examined features.

Notes

  1. http://code.google.com/p/android-permissions-feature-analysis/

  2. The proper syntax is the following: uses-permission android:name=permission-name.

Author information

Corresponding author

Correspondence to Dimitris Geneiatakis.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Geneiatakis, D., Satta, R., Fovino, I.N., Neisse, R. (2015). On the Efficacy of Static Features to Detect Malicious Applications in Android. In: Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2015. Lecture Notes in Computer Science, vol 9264. Springer, Cham. https://doi.org/10.1007/978-3-319-22906-5_7

  • DOI: https://doi.org/10.1007/978-3-319-22906-5_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22905-8

  • Online ISBN: 978-3-319-22906-5

  • eBook Packages: Computer Science, Computer Science (R0)
