An Effective Risk Computation Metric for Android Malware Detection
Subject Areas : Pervasive computingMahmood Deypir 1 * , Ehsan Sharifi 2
1 - Faculty of Computer and Information Technology, Shahid Sattari,University of Science and Technology, Tehran, Iran
2 - Faculty of Computer and Information Technology, Shahid Sattari University of Science and Technology, Tehran, Iran
Keywords: Mobile Device Security , Risk Computation , Android Malwares , Critical Permissions , Security Metric,
Abstract :
Android has been targeted by malware developers since it has emerged as widest used operating system for smartphones and mobile devices. Android security mainly relies on user decisions regarding to installing applications (apps) by approving their requested permissions. Therefore, a systematic user assistance mechanism for making appropriate decisions can significantly improve the security of Android based devices by preventing malicious apps installation. However, the criticality of permissions and the security risk values of apps are not well determined for users in order to make correct decisions. In this study, a new metric is introduced for effective risk computation of untrusted apps based on their required permissions. The metric leverages both frequency of permission usage in malwares and rarity of them in normal apps. Based on the proposed metric, an algorithm is developed and implemented for identifying critical permissions and effective risk computation. The proposed solution can be directly used by the mobile owners to make better decisions or by Android markets to filter out suspicious apps for further examination. Empirical evaluations on real malicious and normal app samples show that the proposed metric has high malware detection rate and is superior to recently proposed risk score measurements. Moreover, it has good performance on unseen apps in term of security risk computation.
[1] Gates, C. S., Chen, J., Li, N., & Proctor, R. W. (2014). Effective risk communication for android apps. Dependable and Secure Computing, IEEE Transactions on, 11(3), 252-265.#
[2] Gates, C. S., Li, N., Peng, H., Sarma, B., Qi, Y., Potharaju, R., & Molloy, I. (2014). Generating summary risk scores for mobile applications. Dependable and Secure Computing, IEEE Transactions on, 11(3), 238-251.#
[3] Chin, E., Felt, A. P., Sekar, V., & Wagner, D. (2012, July). Measuring user confidence in smartphone security and privacy. In Proceedings of the Eighth Symposium on Usable Privacy and Security (p. 1). ACM.#
[4] Felt, A. P., Greenwood, K., & Wagner, D. (2011, June). The effectiveness of application permissions. In Proceedings of the 2nd USENIX conference on Web application development (pp. 7-7).#
[5] Felt, A. P., Ha, E., Egelman, S., Haney, A., Chin, E., & Wagner, D. (2012). Android permissions: User attention, comprehension, and behavior. Tech. Rep. UCB/EECS-2012-26, UC Berkeley.#
[6] Kelley, P. G., Consolvo, S., Cranor, L. F., Jung, J., Sadeh, N., & Wetherall, D. (2012). A conundrum of permissions: installing applications on an android smartphone. In Financial Cryptography and Data Security (pp. 68-79). Springer Berlin Heidelberg.#
[7] Kelley, P. G., Cranor, L. F., & Sadeh, N. (2013, April). Privacy as part of the app decision-making process. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 3393-3402). ACM.#
[8] Peng, H., Gates, C., Sarma, B., Li, N., Qi, Y., Potharaju, R.,& Molloy, I. (2012, October). Using probabilistic generative models for ranking risks of android apps. In Proceedings of the 2012 ACM conference on Computer and communications security (pp. 241-252). ACM.#
[9] Grace, M., Zhou, Y., Zhang, Q., Zou, S., & Jiang, X. (2012, June). Riskranker: scalable and accurate zero-day android malware detection. In Proceedings of the 10th international conference on Mobile systems, applications, and services (pp. 281-294). ACM.#
[10] Enck, W., Ongtang, M., & McDaniel, P. (2009, November). On lightweight mobile phone application certification. In Proceedings of the 16th ACM conference on Computer and communications security (pp. 235-245). ACM. #
[11] Jang, J. W., Kang, H., Woo, J., Mohaisen, A., & Kim, H. K. (2016). Andro-dumpsys: anti-malware system based on the similarity of malware creator and malware centric information. Computers & Security.#
[12] Sarma, B. P., Li, N., Gates, C., Potharaju, R., Nita-Rotaru, C., & Molloy, I. (2012, June). Android permissions: a perspective combining risks and benefits. In Proceedings of the 17th ACM symposium on Access Control Models and Technologies (pp. 13-22). ACM.#
[13] Cen, L., Gates, C., Si, L., & Li, N. (2015). A probabilistic discriminative model for android malware detection with decompiled source code, in Dependable and Secure Computing, IEEE Transactions on, vol.12, no.4, (pp.400-412). IEEE.#
[14] Desnos, A. (2012, January). Android: Static analysis using similarity distance. In System Science (HICSS), 2012 45th Hawaii International Conference on (pp. 5394-5403). IEEE.#
[15] Schmidt, A. D., Bye, R., Schmidt, H. G., Clausen, J., Kiraz, O., Yüksel, K., & Albayrak, S. (2009, June). Static analysis of executables for collaborative malware detection on android. In Communications, 2009. ICC'09. IEEE International Conference on (pp. 1-5). IEEE.#
[16] Zhou, Y., Wang, Z., Zhou, W., & Jiang, X. (2012, February). Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In NDSS.#
[17] Aafer, Y., Du, W., & Yin, H. (2013). DroidAPIMiner: Mining API-level features for robust malware detection in android. In Security and Privacy in Communication Networks (pp. 86-103). Springer International Publishing.#
[18] Christodorescu, M., Jha, S., & Kruegel, C. (2008, February). Mining specifications of malicious behavior. In Proceedings of the 1st India software engineering conference (pp. 5-14). ACM.#
[19] Rieck, K., Holz, T., Willems, C., Düssel, P., & Laskov, P. (2008). Learning and classification of malware behavior. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 108-125). Springer Berlin Heidelberg. [17]
[20] Shabtai, A., & Elovici, Y. (2010). Applying behavioral detection on android-based devices. In Mobile Wireless Middleware, Operating Systems, and Applications (pp. 235-249). Springer Berlin Heidelberg#
[21] Burguera, I., Zurutuza, U., & Nadjm-Tehrani, S. (2011, October). Crowdroid: behavior-based malware detection system for android. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices (pp. 15-26). ACM.#
[22] Geneiatakis, D., Fovino, I. N., Kounelis, I., & Stirparo, P. (2015). A Permission verification approach for android mobile applications. Computers & Security, 49, 192-205.#
[23] Fang, Z., Han, W., & Li, Y. (2014). Permission based android security: Issues and countermeasures. computers & security, 43, 205-218.#
[24] Barrera, D., Kayacik, H. G., van Oorschot, P. C., & Somayaji, A. (2010, October). A methodology for empirical analysis of permission-based security models and its application to android. In Proceedings of the 17th ACM conference on Computer and communications security (pp. 73-84). ACM. #
[25] Enck, W., Octeau, D., McDaniel, P., & Chaudhuri, S. (2011, August). A Study of Android Application Security. In USENIX security symposium (Vol. 2, p. 2). #
[26] Chakradeo, S., Reaves, B., Traynor, P., & Enck, W. (2013, April). Mast: triage for market-scale mobile malware analysis. In Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks (pp. 13-24). ACM.#
[27] Au, K. W. Y., Zhou, Y. F., Huang, Z., & Lie, D. (2012, October). Pscout: analyzing the android permission specification. In Proceedings of the 2012 ACM conference on Computer and communications security (pp. 217-228). ACM.#
[28] Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., & Rieck, K. (2014, February). DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket. In NDSS.#
[29] Desnos, A. (2013). Androguard-Reverse engineering, Malware and goodware analysis of Android applications. URL code. google. com/p/androguard.#
[30] Lin, Y. D., Lai, Y. C., Chen, C. H., & Tsai, H. C. (2013). Identifying android malicious repackaged applications by thread-grained system call sequences. computers & security, 39, 340-350.#
[31] Wu, S., Wang, P., Li, X., & Zhang, Y. (2016). Effective detection of android malware based on the usage of data flow APIs and machine learning. Information and Software Technology, 75, 17-25.#
[32] Feizollah, A., Anuar, N. B., Salleh, R., & Wahab, A. W. A. (2015). A review on feature selection in mobile malware detection. Digital Investigation, 13, 22-37.#