A New Approach to Improve Mobile Network’s Security Through Android Malware Detection Utilizing Static Analysis

Article type: Research article

Authors

1 M.Sc., Science and Research University, Tehran

2 Assistant Professor, Azad University, South Tehran

Abstract

The security of mobile devices has become a major issue, since hackers target them with malware in order to harm the systems, gather sensitive information, or gain remote access to the systems. Recently, new ways have been introduced to confront malware and other viruses. The two main techniques for recognizing malware are dynamic analysis and static analysis. This paper proposes a new method that uses static analysis to improve the accuracy of malware detection and to detect threats faster, with lower processing time. For this purpose, the suggested method uses the main components of an Android application to recognize malware with machine learning algorithms. Furthermore, it uses feature selection algorithms to reduce the processing overload and to enhance speed and accuracy. The method uses the following components as classification features: API calls, intents, network addresses and IPs, services and providers, activities, and permissions. In addition to these individual features, it also employs complex features to improve malware recognition. We used 123,446 software samples and 5,561 malware samples to evaluate the accuracy and the precision of the suggested method, which were shown to be 99.4 percent.

Authors [English]

  • Mani Saffarnia 1
  • Mahmood Deypir 2
1 Islamic Azad University, Science and research branch/Electrical and Computer Engineering
2 Computer Engineering and Information Technology Department

Keywords [English]

  • Android Security
  • Malware Detection
  • Static Analysis
  • Classification
  • Machine Learning