Skip to main content
Log in

Risk assessment of mobile applications based on machine learned malware dataset

Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

With the expected development of the Internet of Things, in which all devices will be connected, mobile devices will play a greater role in providing personalized services and will store larger amounts of personal information. However, the number of malicious applications is also increasing, with the aim being to steal user personal information. Furthermore, given the open-market policies of Android and the distribution structure of the Google Play store, any application developer can readily distribute such applications. On the other hand, end users cannot easily determine whether an application is malicious or not. Therefore, we propose an Android application package (APK) Vulnerability Identification System (AVIS) that can identify malicious applications in advance using the Naïve Bayes classification scheme. To achieve this goal, AVIS builds a dataset by downloading sample applications and extracting their framework methods. To verify the accuracy of AVIS, we analyze sample applications. The APK vulnerability score determined by AVIS is expected to be used as a core metric for quantitatively evaluating the vulnerability of mobile applications.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Android api. https://developer.android.com/reference/packages.html

  2. Andrubis. https://anubis.iseclab.org

  3. Apk file. https://developer.android.com/tools/building/index.html

  4. Apktool. https://ibotpeaches.github.io/Apktool

  5. Asmdex. http://asm.ow2.org/asmdex-index.html

  6. Bailey M, Oberheide J, Andersen J, Mao ZM, Jahanian F, Nazario J (2007) Automated classification and analysis of internet malware International workshop on recent advances in intrusion detection. Springer, pp 178–197

  7. Cho T, Na G, Lee D, Yi JH (2015) Account forgery and privilege escalation attacks on android home cloud devices. Adv Sci Lett 21(3):381–386

    Article  Google Scholar 

  8. Dex format. https://source.android.com/devices/tech/dalvik/dex-format.html

  9. Felt AP, Finifter M, Chin E, Hanna S, Wagner D (2011) A survey of mobile malware in the wild Proceedings of the 1st ACM workshop on security and privacy in smartphones and mobile devices. ACM, pp 3–14

  10. Google bouncer. https://android.googleblog.com/2012/02/android-and-security.html

  11. Google play store. https://play.google.com/store

  12. Han J, Pei J, Kamber M (2011) Data mining: concepts and techniques. Elsevier,

  13. Jung JH, Kim JY, Lee HC, Yi JH (2013) Repackaging attack on android banking applications and its countermeasures. Wirel Pers Commun 73(4):1421–1437

    Article  Google Scholar 

  14. Malware database contagio. http://contagiominidump.blogspot.kr

  15. McCallum A, Nigam K, et al (1998) A comparison of event models for naive bayes text classification AAAI-98 workshop on learning for text categorization, vol 752. Citeseer, pp 41–48

  16. Petsas T, Voyatzis G, Athanasopoulos E, Polychronakis M, Ioannidis S (2014) Rage against the virtual machine: hindering dynamic analysis of android malware Proceedings of the 7th European workshop on system security. ACM, p 5

  17. Rish I (2001) An empirical study of the naive bayes classifier IJCAI 2001 workshop on empirical methods in artificial intelligence, vol 3. IBM, New York, pp 41–46

    Google Scholar 

  18. Sebastiani F (2002) Machine learning in automated text categorization. ACM Comput Surv (CSUR) 34(1):1–47

    Article  Google Scholar 

  19. Vapnik VN, Vapnik V (1998) Statistical learning theory, vol 1. Wiley, New York

    MATH  Google Scholar 

  20. Virusshare. https://virusshare.com

Download references

Acknowledgements

This research was supported in part by the Global Research Laboratory (GRL) program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT, and Future Planning (NRF-2014K1A1A2043029), and in part by Next-Generation Information Computing Development Program through the National Research Foundation of Korea(NRF) funded by the Ministry of Science, ICT & Future Planning (NRF-2014M3C4A7030649).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Jeong Hyun Yi.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kim, H., Cho, T., Ahn, GJ. et al. Risk assessment of mobile applications based on machine learned malware dataset. Multimed Tools Appl 77, 5027–5042 (2018). https://doi.org/10.1007/s11042-017-4756-0

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-017-4756-0

Keywords

Navigation