Abstract
The Android OS environment is increasingly targeted by malware. Traditional signature-based detection algorithms cannot provide complete protection, especially against malware created ad hoc. In this paper, we present a feasibility analysis for enhancing the detection accuracy of Android malware detection approaches that rely on machine learning classifiers and the static features of Android applications. Specifically, our study builds on machine learning classifiers operating over different fusion rules on Android applications’ permissions and APIs. We analyse the performance of different configurations in terms of the false-alarm tradeoff. Results demonstrate that malware detection accuracy could be enhanced if detection approaches introduce additional fusion rules, e.g., the squared average score over the examined features.
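The score-level fusion the abstract describes, as an added illustration that is not code or data from the paper: two classifiers (one over permissions, one over APIs) each emit a score, a fusion rule combines them, and the rules are compared by the detection rate they reach within a false-alarm budget. The scores are constructed, and "squared average" is assumed here to mean the mean of the squared per-classifier scores, since this page does not define it.

```python
# Score-level fusion of two static-feature classifiers (illustrative).
# Each row: (permission score, API score, label); label 1 = malware.
# Scores are constructed for this example, not taken from the paper.
SAMPLES = [
    (0.9, 0.8, 1), (0.2, 0.9, 1), (0.8, 0.3, 1), (0.6, 0.6, 1), (0.1, 0.8, 1),
    (0.1, 0.2, 0), (0.5, 0.5, 0), (0.7, 0.1, 0), (0.2, 0.3, 0), (0.4, 0.1, 0),
]

# Fusion rules. "sq_avg" is an assumed reading of "squared average score":
# the mean of the squared scores, which weights a confident classifier more.
RULES = {
    "mean":   lambda p, a: (p + a) / 2,
    "max":    lambda p, a: max(p, a),
    "sq_avg": lambda p, a: (p * p + a * a) / 2,
}


def rates(rule, threshold):
    """Return (detection rate, false-alarm rate) when score >= threshold flags."""
    fuse = RULES[rule]
    tp = sum(1 for p, a, y in SAMPLES if y == 1 and fuse(p, a) >= threshold)
    fp = sum(1 for p, a, y in SAMPLES if y == 0 and fuse(p, a) >= threshold)
    pos = sum(y for _, _, y in SAMPLES)
    return tp / pos, fp / (len(SAMPLES) - pos)


def best_detection(rule, max_false_alarm):
    """Best detection rate over all thresholds within the false-alarm budget."""
    fuse = RULES[rule]
    best = 0.0
    # Only the observed fused scores can change the outcome, so try each one.
    for t in {fuse(p, a) for p, a, _ in SAMPLES}:
        tpr, fpr = rates(rule, t)
        if fpr <= max_false_alarm:
            best = max(best, tpr)
    return best


if __name__ == "__main__":
    for rule in RULES:
        print(rule, best_detection(rule, 0.0), best_detection(rule, 0.2))
```

On this constructed sample the rules differ only at the strictest budget; which rule wins on real applications depends on the classifiers and the dataset.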
Notes
- 1.
- 2. The proper syntax is the following: `<uses-permission android:name="permission-name" />`.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Geneiatakis, D., Satta, R., Fovino, I.N., Neisse, R. (2015). On the Efficacy of Static Features to Detect Malicious Applications in Android. In: Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2015. Lecture Notes in Computer Science(), vol 9264. Springer, Cham. https://doi.org/10.1007/978-3-319-22906-5_7
DOI: https://doi.org/10.1007/978-3-319-22906-5_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22905-8
Online ISBN: 978-3-319-22906-5
eBook Packages: Computer Science, Computer Science (R0)