Journal article Open Access

A Static Android Malware Detection Based on Actual Used Permissions Combination and API Calls

Xiaoqing Wang; Junfeng Wang; Xiaolan Zhu


MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nam##2200000uu#4500</leader>
  <datafield tag="999" ind1="C" ind2="5">
    <subfield code="x">Chinese Internet Data Information Centre(199IT), http://www.199it.com/archives/390550.html</subfield>
  </datafield>
  <datafield tag="999" ind1="C" ind2="5">
    <subfield code="x">Report of China Internet Network Information Center (CNNIC), The 37th China Internet Development Statistics(EB). https://www.cnnic.cn/ hlwfzyj/hlwxzbg/201601/P020160122469130059846.pdf</subfield>
  </datafield>
  <datafield tag="999" ind1="C" ind2="5">
    <subfield code="x">NetQin (Never Quit), 2014 in the first quarter of the global mobile security message(EB).</subfield>
  </datafield>
  <datafield tag="999" ind1="C" ind2="5">
    <subfield code="x">Zhou Y, Jiang X. Dissecting android malware: Characterization and evolution(C)//Security and Privacy (SP), 2012 IEEE Symposium on. IEEE, 2012: 95-109.</subfield>
  </datafield>
  <datafield tag="999" ind1="C" ind2="5">
    <subfield code="x">Wei X, Gomez L, Neamtiu I, Faloutsos M. Permission evolution in the Android ecosystem. In: Proc. of the 28th Annual Computer Security Applications Conf. (ACSAC 2012). 2012. 31−40</subfield>
  </datafield>
  <datafield tag="999" ind1="C" ind2="5">
    <subfield code="x">Saltzer JH. Protection and the control of information sharing in Multics. Communications of the ACM, 1974,17(7):388−402.</subfield>
  </datafield>
  <datafield tag="999" ind1="C" ind2="5">
    <subfield code="x">Felt A P, Chin E, Hanna S, et al. Android permissions demystified(C)// Proceedings of the 18th ACM conference on Computer and communications security. ACM, 2011: 627-638.</subfield>
  </datafield>
  <datafield tag="999" ind1="C" ind2="5">
    <subfield code="x">Au K W Y, Zhou Y F, Huang Z, et al. Pscout: analyzing the android permission specification (C)// Proceedings of the 2012 ACM conference on Computer and communications security. ACM,2012: 217-228.</subfield>
  </datafield>
  <datafield tag="999" ind1="C" ind2="5">
    <subfield code="x">Enck W, Ongtang M, McDaniel P. On lightweight mobile phone application certification. In: Proc. of the 16th ACM Conf. on Computer and Communications Security (CCS 2009). 2009. 235−245
[10]	Fuchs A P, Chaudhuri A, Foster J S. Scandroid: Automated security certification of android(J). 2009.
[11]	Sanz B, Santos I, Laorden C, et al. MAMA: manifest analysis for malware detection in android(J). Cybernetics and Systems, 2013, 44(6-7): 469-488.
[12]	Aafer Y, Du W, Yin H. DroidAPIMiner: Mining API-level features for robust malware detection in android(M)//Security and Privacy in Communication Networks. Springer International Publishing, 2013: 86-103. 
[13]	Yerima S Y, Sezer S, McWilliams G, et al. A new android malware detection approach using Bayesian classification(C)// Advanced Information Networking and Applications (AINA), 2013 IEEE 27th International Conference on. IEEE, 2013: 121-128.
[14]	Wu D J, Mao C H, Wei T E, et al. Droidmat: Android malware detection through manifest and api calls tracing(C)// Information Security (Asia JCIS), 2012 Seventh Asia Joint Conference on. IEEE, 2012: 62-69.
[15]	Zhou Y, Jiang X. Android malware genome project (EB/OL). IEEE,2012, (2014-02-27).</subfield>
  </datafield>
  <datafield tag="041" ind1=" " ind2=" ">
    <subfield code="a">eng</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">Android</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">permissions combination</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">API calls</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">machine learning.</subfield>
  </datafield>
  <controlfield tag="005">20200120143153.0</controlfield>
  <controlfield tag="001">1126780</controlfield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="a">Junfeng Wang</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="a">Xiaolan Zhu</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">780047</subfield>
    <subfield code="z">md5:9e56a6a27df91b6eb80668c4c535d02e</subfield>
    <subfield code="u">https://zenodo.org/record/1126780/files/10005499.pdf</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2016-08-04</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire</subfield>
    <subfield code="p">user-waset</subfield>
    <subfield code="o">oai:zenodo.org:1126780</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="a">Xiaoqing Wang</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">A Static Android Malware Detection Based on Actual Used Permissions Combination and API Calls</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">user-waset</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">https://creativecommons.org/licenses/by/4.0/legalcode</subfield>
    <subfield code="a">Creative Commons Attribution 4.0 International</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">The Android operating system has been recognized by most application developers because of its open-source nature and good compatibility, which has greatly enriched the categories of applications. However, it has become a target of malware attackers due to the lack of strict security supervision mechanisms, which has led to rapid growth in malware and brought serious safety hazards to users. Therefore, it is critical to detect Android malware effectively. Generally, the permissions declared in AndroidManifest.xml reflect the function and behavior of the application to a large extent. Since the current Android system places no restriction on the number of permissions an application can request, developers tend to request more permissions than are actually needed in order to ensure that the application runs successfully, which results in the abuse of permissions. However, some traditional detection methods consider only the requested permissions and ignore whether they are actually used, which leads to incorrect identification of some malware. Therefore, a machine learning detection method based on the combination of actually used permissions and API calls is put forward in this paper. Several experiments are conducted to evaluate our methodology. The results show that it can detect unknown malware effectively, with a higher true positive rate and accuracy while maintaining a low false positive rate. The AdaboostM1 (J48) classification algorithm based on the information gain feature selection algorithm has the best detection result, achieving an accuracy of 99.8%, a true positive rate of 99.6% and the lowest false positive rate of 0.</subfield>
  </datafield>
  <datafield tag="773" ind1=" " ind2=" ">
    <subfield code="n">doi</subfield>
    <subfield code="i">isVersionOf</subfield>
    <subfield code="a">10.5281/zenodo.1126779</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.5281/zenodo.1126780</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">article</subfield>
  </datafield>
</record>