Permissions-based detection of android malware using machine learning

Document Type

Article

Publication Date

4-1-2022

Abstract

Malware applications (Apps) targeting mobile devices are widespread, and compromise the sensitive and private information stored on the devices. This is due to the asymmetry between informative permissions and irrelevant and redundant permissions for benign Apps. It also depends on the characteristics of the Android platform, such as adopting an open-source policy, supporting unofficial App stores, and the great tolerance for App verification; therefore the Android platform is destined to face such malicious intrusions. In this paper, we propose a permissions-based malware detection system (PerDRaML) that determines the App's maliciousness based on the usage of suspicious permissions. The system uses a multi-level based methodology; we first extract and identify the significant features such as permissions, smali sizes, and permission rates from a manually collected dataset of 10,000 applications. Further, we employ various machine learning models to categorize the Apps into their malicious or benign categories. Through extensive experimentations, the proposed method successfully identifies the 5 x most significant features to predict malicious Apps. The proposed method outperformed the existing techniques by achieving high accuracies of malware detection i.e., 89.7% with Support Vector Machine, 89.96% with Random Forest, 86.25% with Rotation Forest, and 89.52% with Naive Bayes models. Moreover, the proposed method optimized up to similar to 77% of the feature set as compared to the recent approaches, while improving the evaluation metrics such as precision, sensitivity, accuracy, and F-measure. The experimental results show that the proposed system provides a high level of symmetry between irrelevant permissions and malware Apps. Further, the proposed system is promising and may provide a low-cost alternative for Android malware detection for malicious or repackaged Apps.

Keywords

Malware detection, Repackaged applications, Suspicious permissions, Static malware analysis

Divisions

Computer

Funders

National Research Foundation of Korea, Ministry of Education (MOE), Republic of Korea National Research Council for Economics, Humanities & Social Sciences, Republic of Korea [Grant No: 2021R1I1A3049788],National Research Foundation of Korea [Grant No: 2019H1D3A1A01101687 & 2021H1D3A2A01099390],National University of Sciences and Technology, Islamabad, Pakistan,National Research Foundation of Korea [Grant No: 2021H1D3A2A01099390 & 2019H1D3A1A01101687]

Publication Title

Symmetry-Basel

Volume

14

Issue

4

Publisher

MDPI

Publisher Location

ST ALBAN-ANLAGE 66, CH-4052 BASEL, SWITZERLAND

This document is currently not available here.

Share

COinS