Abstract
With the expected development of the Internet of Things, in which all devices will be connected, mobile devices will play a greater role in providing personalized services and will store larger amounts of personal information. However, the number of malicious applications is also increasing, with the aim being to steal user personal information. Furthermore, given the open-market policies of Android and the distribution structure of the Google Play store, any application developer can readily distribute such applications. On the other hand, end users cannot easily determine whether an application is malicious or not. Therefore, we propose an Android application package (APK) Vulnerability Identification System (AVIS) that can identify malicious applications in advance using the Naïve Bayes classification scheme. To achieve this goal, AVIS builds a dataset by downloading sample applications and extracting their framework methods. To verify the accuracy of AVIS, we analyze sample applications. The APK vulnerability score determined by AVIS is expected to be used as a core metric for quantitatively evaluating the vulnerability of mobile applications.
Similar content being viewed by others
References
Android api. https://developer.android.com/reference/packages.html
Andrubis. https://anubis.iseclab.org
Apk file. https://developer.android.com/tools/building/index.html
Bailey M, Oberheide J, Andersen J, Mao ZM, Jahanian F, Nazario J (2007) Automated classification and analysis of internet malware International workshop on recent advances in intrusion detection. Springer, pp 178–197
Cho T, Na G, Lee D, Yi JH (2015) Account forgery and privilege escalation attacks on android home cloud devices. Adv Sci Lett 21(3):381–386
Dex format. https://source.android.com/devices/tech/dalvik/dex-format.html
Felt AP, Finifter M, Chin E, Hanna S, Wagner D (2011) A survey of mobile malware in the wild Proceedings of the 1st ACM workshop on security and privacy in smartphones and mobile devices. ACM, pp 3–14
Google bouncer. https://android.googleblog.com/2012/02/android-and-security.html
Google play store. https://play.google.com/store
Han J, Pei J, Kamber M (2011) Data mining: concepts and techniques. Elsevier,
Jung JH, Kim JY, Lee HC, Yi JH (2013) Repackaging attack on android banking applications and its countermeasures. Wirel Pers Commun 73(4):1421–1437
Malware database contagio. http://contagiominidump.blogspot.kr
McCallum A, Nigam K, et al (1998) A comparison of event models for naive bayes text classification AAAI-98 workshop on learning for text categorization, vol 752. Citeseer, pp 41–48
Petsas T, Voyatzis G, Athanasopoulos E, Polychronakis M, Ioannidis S (2014) Rage against the virtual machine: hindering dynamic analysis of android malware Proceedings of the 7th European workshop on system security. ACM, p 5
Rish I (2001) An empirical study of the naive bayes classifier IJCAI 2001 workshop on empirical methods in artificial intelligence, vol 3. IBM, New York, pp 41–46
Sebastiani F (2002) Machine learning in automated text categorization. ACM Comput Surv (CSUR) 34(1):1–47
Vapnik VN, Vapnik V (1998) Statistical learning theory, vol 1. Wiley, New York
Virusshare. https://virusshare.com
Acknowledgements
This research was supported in part by the Global Research Laboratory (GRL) program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT, and Future Planning (NRF-2014K1A1A2043029), and in part by Next-Generation Information Computing Development Program through the National Research Foundation of Korea(NRF) funded by the Ministry of Science, ICT & Future Planning (NRF-2014M3C4A7030649).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Kim, H., Cho, T., Ahn, GJ. et al. Risk assessment of mobile applications based on machine learned malware dataset. Multimed Tools Appl 77, 5027–5042 (2018). https://doi.org/10.1007/s11042-017-4756-0
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-017-4756-0