9 research outputs found

    An Android Malware Detection Framework-based on Permissions and Intents

    With an exponential growth in smartphone applications targeting useful services such as banks, healthcare, m-commerce, security has become a primary concern. The applications downloaded from unofficial sources pose a security threat as they lack mechanisms for validation of the applications. The malware infected applications may lead to several threats such as leaking user’s private information, enforcing malicious deductions for sending premium SMS, getting root privilege of the android system and so on. Existing anti-viruses depend on signature databases that need to be updated from time to time and are unable to detect zero-day malware. The Android Operating system allows inter-application communication through the use of component reuse by using intents. Unfortunately, message passing is also an application attack surface. A hybrid method for android malware detection by analysing the permissions and intent-filters of the manifest files of the applications is presented. A malware detection framework is developed based on machine learning algorithms and on the basis of the decision tree obtained from ID3 and J48 classifiers available in WEKA. Both algorithms gave same results with an error percentage of 6 per cent. The system improves detection of zero day malware

    Heart Attack Prediction Model Based on Feature Selection and Decision Tree Approaches

    The purpose of this study, creating a machine learning based model to predict heart attacks, is to improve the capacity to anticipate the occurrence of this dangerous medical condition. It is feasible to find significant and linked variables that may cause heart attacks by using the decision tree as a tool for medical data analysis. The system analyzes clinical data using artificial intelligence techniques to find patterns that might suggest the possibility of a heart attack. The advantage is early disease detection and prediction, which allows the medical staff to better plan treatment and take preventative action. This kind of system can aid in enhancing patient care and lowering the likelihood that. Throughout the study, two paths will be examined: the first one is applying machine learning algorithms without applying feature selection, and the second one with feature selection process. Three main feature selection algorithms will be examined to find the most correlated features that affect the heart attack. The model will examine six machine learning decision tree algorithms, namely decision stump, hoeffding tree, j48, LMT, random forest, and rep tree, to find the accurate algorithm in prediction. The results show that LMT has the accurate prediction accuracy with 82.5%

    Feature selection for malicious android applications using Symmetrical Uncert Attribute Eval method

    The fast growth of tablets and smartphones has led to increased usage of mobile applications. The Android apps have more popularity; however, the applications downloaded from third-party markets could be malware that may threaten the users' privacy. Several works used techniques to detect normal apps from malicious apps based on mining requested permissions. However, there are some sets of permissions that can occur in benign and malignant applications. Redundant features could reduce the detection rate and increase the false positive rate. In this paper, we have proposed feature selection methods to identify clean and malicious applications based on selecting a set combination of permission patterns using different classification algorithms such as sequential minimal optimization (SMO), decision tree (J48) and Naive Bayes. The experimental results show that sequential minimal optimization (SMO) combined with the SymmetricalUncertAttributeEval method achieved the highest accuracy rate of 0.88, with lowest false positive rate of 0.085 and highest precision of 0.910. And the findings prove that feature selection methods enhanced the result of classification

    Andro-Simnet: Android Malware Family Classification Using Social Network Analysis

    While the rapid adaptation of mobile devices changes our daily life more conveniently, the threat derived from malware is also increased. There are lots of research to detect malware to protect mobile devices, but most of them adopt only signature-based malware detection method that can be easily bypassed by polymorphic and metamorphic malware. To detect malware and its variants, it is essential to adopt behavior-based detection for efficient malware classification. This paper presents a system that classifies malware by using common behavioral characteristics along with malware families. We measure the similarity between malware families with carefully chosen features commonly appeared in the same family. With the proposed similarity measure, we can classify malware by malware's attack behavior pattern and tactical characteristics. Also, we apply a community detection algorithm to increase the modularity within each malware family network aggregation. To maintain high classification accuracy, we propose a process to derive the optimal weights of the selected features in the proposed similarity measure. During this process, we find out which features are significant for representing the similarity between malware samples. Finally, we provide an intuitive graph visualization of malware samples which is helpful to understand the distribution and likeness of the malware networks. In the experiment, the proposed system achieved 97% accuracy for malware classification and 95% accuracy for prediction by K-fold cross-validation using the real malware dataset. Comment: 13 pages, 11 figures, dataset link: http://ocslab.hksecurity.net/Datasets/andro-simnet , demo video: https://youtu.be/JmfS-ZtCbg4 , In Proceedings of the 16th Annual Conference on Privacy, Security and Trust (PST), 201

    MULTIPLE ANDROID PACKAGE FILES EXTRACTOR IN MINING REQUEST PERMISSIONS AND API CALLS

    Android smartphone has the highest demand in the world due to the ability of the devices and the open source software concept. Numbers of Android applications are increasing as to fulfill users and businesses’ needs. Not only Android gains huge business return but its applications have also become the target of attackers. One of the approaches to investigate and detect malware is through a reverse engineering technique where the profile parameters are extracted. The process of reversing Android execute file (.apk) individually takes a long time. Other than having used several tools, the approach leaves open the possibility of misconduct during the mining of necessary source codes. Therefore, an Android permissions and Application Programming Interface (API) calls extractor tool was developed for Android mobile devices apps. This tool had the capability to record all request permissions and required API calls inside the AndroidManifest.xml and classes.dex made to App executable file. In addition, the automatic feature of the tool allowed for the recording of the permission and API calls of more than one Android Package Kit (APK) file at a time. MAPE (Multiple Android Package Extractor) was developed using Node.js. Currently, researchers either disclose mining techniques or use existing tools manually. MAPE used a sequential search in Depth First Search (DFS) technique to accomplish the operation. This tool can shorten the researchers’ processing time on retrieving request permissions and targeting API calls. The output produced by MAPE can be used for several purposes such as Apps categorization and malware detection

    AndroParse - An Android Feature Extraction Framework & Dataset

    Android malware has become a major challenge. As a consequence, practitioners and researchers spend a significant time analyzing Android applications (APK). A common procedure (especially for data scientists) is to extract features such as permissions, APIs or strings which can then be analyzed. Current state of the art tools have three major issues: (1) a single tool cannot extract all the significant features used by scientists and practitioners (2) Current tools are not designed to be extensible and (3) Existing parsers do not have runtime efficiency. Therefore, this work presents AndroParse which is an open-source Android parser written in Golang that currently extracts the four most common features: Permissions, APIs, Strings and Intents. AndroParse outputs JSON files as they can easily be used by most major programming languages. Constructing the parser allowed us to create an extensive feature dataset which can be accessed by our independent REST API. Our dataset currently has 67,703 benign and 46,683 malicious APK samples

    Maldroid- attribute selection analysis for malware classification

    Android is the most dominant operating system in the mobile market and the number of Android users is increasing year by year. Malware authors use android market as a hub for malicious apps and spread malware to users with the intention to threaten privacy; and this has remained undetected due to the weakness in signature-based detection. A major problem with malware detection is the existence of numerous features in malware code and the need to look at the relevant features in malware analysis. As a result, applying any security solution in malware analysis is considered inefficient because mobile devices have limited resources in terms of its memory, processor and storage. Hence, the objective of this paper is to find the most effective and efficient attribute selection and classification algorithm in malware detection. Moreover, in order to get the best combination between attribute selection and classification algorithm, eight attributes selection and seven categories machine learning algorithm are applied in this study. The experiment evaluated 8000 real data samples and the result showed that InfoGainEval and KNN algorithm are the most selected in attribute selection and classification process

    Malware detection : a framework for reverse engineered android applications through machine learning algorithms

    Today, Android is one of the most used operating systems in smartphone technology. This is the main reason, Android has become the favorite target for hackers and attackers. Malicious codes are being embedded in Android applications in such a sophisticated manner that detecting and identifying an application as a malware has become the toughest job for security providers. In terms of ingenuity and cognition, Android malware has progressed to the point where they’re more impervious to conventional detection techniques. Approaches based on machine learning have emerged as a much more effective way to tackle the intricacy and originality of developing Android threats. They function by first identifying current patterns of malware activity and then using this information to distinguish between identified threats and unidentified threats with unknown behavior. This research paper uses Reverse Engineered Android applications’ features and Machine Learning algorithms to find vulnerabilities present in Smartphone applications. Our contribution is twofold. Firstly, we propose a model that incorporates more innovative static feature sets with the largest current datasets of malware samples than conventional methods. Secondly, we have used ensemble learning with machine learning algorithms such as AdaBoost, SVM, etc. to improve our model’s performance. Our experimental results and findings exhibit 96.24% accuracy to detect extracted malware from Android applications, with a 0.3 False Positive Rate (FPR). The proposed model incorporates ignored detrimental features such as permissions, intents, API calls, and so on, trained by feeding a solitary arbitrary feature, extracted by reverse engineering as an input to the machine

    The Analysis of Feature Selection Methods and Classification Algorithms in Permission Based Android Malware Detection

    Android mobile devices have reached a widespread use since the past decade, thus leading to an increase in the number and variety of applications on the market. However, from the perspective of information security, the user control of sensitive information has been shadowed by the fast development and rich variety of the applications. In the recent state of the art, users are subject to responding to numerous requests for permission about using their private data to be able to run an application. The awareness of the user about data protection and its relationship to permission requests is crucial for protecting the user against malicious software. Nevertheless, the slow adaptation of users to novel technologies suggests the need for developing automatic tools for detecting malicious software. In the present study, we analyze two major aspects of permission-based malware detection in Android applications: Feature selection methods and classification algorithms. Within the framework of the assumptions specified for the analysis and the data used for the analysis, our findings reveal a higher performance for the Random Forest and J48 decision tree classification algorithms for most of the selected feature selection methods