Permisson Comparison Based Malware Detection System for Android Mobile Applications

Year 2017, Volume: 20 Issue: 1, 175 - 189, 01.03.2017

Recep Sinan Arslan İbrahim Alper Doğru Necaattin Barışçı

Abstract

Mobile applications create their own security and privacy models through permission based models. Applications, if they require

to access any sensitive data in mobile devices that they are downloaded on, in order to do the needed system call for this access,

they have to define only required permissions. However, some applications may request extra permissions which they do not need

and may use these permissions for suspicious database access they do later. In this study, the aim is to determine those extra

requested permissions and to use this on the security and privacy model. According to the study, through the determined methodology,

risk values of applications are determined in the light of pre-determined levels within datasets. It is an approach that uses

static analysis and code analysis together. According to this approach, the permissions that the applications request and use are

determined separately and the applications that request extra permissions are discovered. Then, via the produced formula, suspicion

value of every application is determined and applications are classified as malicious or benignant according to this value. This

approach was applied on existing datasets; the results were compared and accuracy level was determined.For Android operating

system, it is aimed to determine the malicious applications via this newly developed method and to create a safer Android atmosphere

for users.

Keywords

Android, Permission Based, Security, Risk Assesment

Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti

Abstract

Mobil uygulamalar izin tabanlı modelleri sayesinde kendi güvenlik ve gizlilik modellerini oluştururlar. Uygulamalar, yüklendikleri

mobil araçlarda herhangi bir hassas veriye erişmek isterlerse, bu erişim için sadece ihtiyaç duydukları izinleri tanımlamalıdırlar.

Ancak bazı uygulamalar, gerek duyacakları izinlerin haricinde fazladan izin talebinde bulunmakta ve bunu daha sonra yapacakları

şüpheli kaynak erişimleri için kullanabilmektedirler. Bu çalışmada belirlenen yöntem ile veri setleri kullanılarak daha önceden

belirlenen seviyeler doğrultusunda uygulamaların risk değerleri belirlenmektedir. Statik analiz ve kod analizi metotlarını birlikte

kullanılmıştır. Kullanılan yaklaşıma göre uygulamaların istedikleri ve kullandıkları izinler belirlenmekte ve fazladan izin talebinde

bulunan uygulamalar çıkarılmaktadır. Sonrasında ortaya konulan formül sayesinde her bir uygulama için şüphe değeri belirlenmekte

ve bu değere göre uygulamalar kötücül veya zararsız olarak sınıflandırılmaktadır. Ortaya konulan bu yaklaşım, var olan veri

setleri üzerinde uygulanarak sonuçları karşılaştırılmış ve doğruluk seviyesi belirlenmiştir. Android işletim sistemi için, geliştirilen

bu yeni yöntem sayesinde kötücül yazılımların tespit edilmesi ve kullanıcılar açısından daha güvenli bir Android ortamının oluşturulması

amaçlanmıştır.

Keywords

Android, İzin Tabanlı, Güvenlik, Risk Değerlendirmesi

References

• [1] Seo S., Gupta A., Sallam A.M., Bertino E., Yim K., “Detecting mobile malware threats to homeland se-curity through static analysis”, Journal of Network and Computer Applications, 38: 43-53, (2014).
• [2] Leavitt N., “Mobile phones: the next frontier for hackers?”, IEEE Xplore:Computer, 38: 20-23, (2005).
• [3] Shih, D.H., Lin, B., Chiang, H.S., Shih, M.H., “Se-curity aspects of mobile phone virus: a critical sur-vey”, Industrial Management & Data Systems, 108: 478-494, (2008).
• [4] Xiaoyan Z., Juan F., Xiujuan W., “Android malware detection based on permissions”, Infor-mation and Communications Technologies (ICT 2014), 2014 International Conference on, Nan-jing, 1-5, (2014).
• [5] Geneiatakis D., Fovino I. N. , Kounelis I. ve Stir-paro P., “A Permission verification approach for Android mobile applications”, Computer & Secu-rity, 49: 192-205, (2015).
• [6] Su M.Y., Chang W.C., “Permission-based Malware Detection Mechanisms for Smart Phones”, Infor-mation Networking(OCOIN) International Confe-rence, Phuket, 449-452, (2014).
• [7] Bartel A., Klein J., Le Traon Y., Monperrus M., “Automatically securing permission-based software by reducing the attack surface: an applica-tion to Android”, ASE 2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering, New York, 274-277, (2012).
• [8] Felt A.P., Chin E., Hanna S., Song D., Wagner D., “Android permissions demystified”, CCS '11 Pro-ceedings of the 18th ACM conference on Compu-ter and communications security, New York, 627-638, (2011).
• [9] Rosen S., Qian Z., Mao Z.M., “AppProfiler: a flexible method of exposing privacy-related beha-vior in android applications to end users”, CO-DASPY '13 Proceedings of the third ACM confe-rence on Data and application security and pri-vacy, New York, 221-232, (2013).
• [10] Enck W., Gilbert P., Chun B.G., Cox L.P., Jung J., McDaniel P., Sheth A.N., “Appsplayground: an information-flow tracking system for realtime pri-vacy monitoring on smartphones”, OSDI'10 Proce-edings of the 9th USENIX conference on Opera-ting systems design and implementation, Berkeley, 393-407, (2010).
• [11] Berthome P., Fecherolle T., Guilloteau N., Lalande J.F., “Repackaging Android Applications for Audi-ting Access to Private Data”, 7th International Conference on Availability, Reliability and Secu-rity. IEEE Computer Society, Prague, 388-396, (2012).
• [12] Rastogi V, Chen Y, Enck W., “Appsplayground: automatic security analysis of smartphone applica-tions”, 3rd ACM Conference on Data and Appli-cation Security and Privacy, NewYork, 209-220, (2013).
• [13] Schreckling D, Kstler J, Schaff M., “Information Security Technical Report. Kynoid: real-time enfor-cement of fine-grained, userdefined, and data-cent-ric security policies for android”, 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosys-tems, Berlin, 208-223, (2012).
• [14] Kodeswaran P, Nandakumar V, Kapoor S, Kama-raju P, Joshi A, Mukherjea S., “Securing enterprise data on smartphones using run time information flow control”, 13th International Conference on Mobile Data Management. IEEE Computer Soci-ety, Bengaluru, Karnataka, 300-305, (2012).
• [15] Feth D, Pretschner A., “Flexible data-driven secu-rity for android.”, 2012 IEEE Sixth International Conference on Software Security and Reliability IEEE Computer Society, Washington, 41-50, (2012).
• [16] Beresford AR, Rice A, Skehin N, Sohan R., “Mockdroid: trading privacy for application functi-onality on smartphones”, 12th Workshop on Mo-bile Computing Systems and Applications, NewYork, 49-54, (2011).
• [17] Xiao X, Tillmann N, Fahndrich M, De Halleux J, Moskal M., “Useraware privacy control via exten-ded static-information-flow analysis”, 27th IEEE/ACM International Conference on Auto-mated Software Engineering, NewYork, 80-89, (2012).
• [18] Gibler C., Crussell J., Erickson J., Chen H., “And-roidLeaks: automatically detecting potential pri-vacy leaks in android applications on a large scale”, TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing, Berlin, 291-307, (2012).
• [19] Rosen S, Qian Z, Mao ZM., “AppProfiler: a flexible method of exposing privacy-related behavior in android applications to end users”, 3rd ACM Con-ference on Data and Application Security and Pri-vacy, NewYork, 221-232, (2013).
• [20] Fuchs AP, Chaudhuri A, Foster JS., “Scandroid: au-tomated security certification of android applicati-ons”, Tech Rep, (2009).
• [21] Xing L., Pan X., Wang R., Yuan K., Wang X., “Upg-rading your Android, elevating my malware: Privi-ledge escalation through Mobile OS updating”, IEEE Symposium on Security and Privacy, Was-hington, 393-408, (2014).
• [22] Fang Z., Han W., Li Y., “Permission based Android security: Issues and Countermeaures”, Computer & Security, 43 :205-218, (2014).
• [23]Stirparo P., Kounelis I., “The mobileak project: Fo-rensics methodology for mobile application privacy assessment”, Internet Technology and Secured Transactions: IEEE, London, 297-303, (2012).
• [24] Orthacker C., Teufl P., Kraxberger S., Lackner G., Gissing M., Marsalek A., Leibetseder J., Preven-hueber O., “Android security permissions- can we trust them?”, Security and Privacy in Mobile Infor-mation and Communication Systems, 94: 40-51, (2011).
• [25] Bartel A, Klein J, Le Traon Y, Monperrus M., “Dexpler: converting Android dalvik bytecode to jimple for static analysis with soot”, ACM SIGPLAN International Workshop on State of the Art in Java Program analysis, New York, 27-38, (2012).
• [26] http://user.informatik.uni-goettingen.de/~darp/dre-bin/
• [27]http://knowyourmobile.com/devices/android-marsh-mallow/23415/android-marshmallow-review-fea-tures-material-design
• [28] RR Maier D., Protsenko M., Müller T., “A game of Droid and Mouse: The threat of split-personality malware on Andoid”, Computer&Security, 1-14, (2015).
• [29] Suarez-Tangil, G., Tapiador, J.E., Peris-L., “DEND-ROID: A text mining approach to analyzing and classifying code structures in Android malware fa-milies”, Expert Systems with Applications, 1104-1117, (2014).
• [30] Yerima, S.Y., Sezer, S., McWilliams, G., “Anaylsis of Bayesian classifcation-based approaches for Android malware detection”, IET Information Se-curity, 25-36, (2014).
• [31] Liang, S., Du, X., “Permission-Combination-based Scheme for Android Mobile Malware Detection”, 2014 IEEE International Conference on Commu-nications, Sydney, 2301-2306, (2014).
• [32] Yerima, S.Y., Sezer, S., Muttik, I., “Android Malware Detection Using Parallel Machine Lear-ning Classifiers”, 2014 18th International Confe-rence on Next Generation Mobile Applications, Services and Technologies, Oxford, 37-42, (2014)
• [33] Yerima, S.Y., Sezer, S., Muttik, I., “A New Android Malware Detection Approach Using Bayesian Clas-sification”, 2013 IEEE 27th International Confe-rence on Advanced Information Network and Applications, Barcelona, 121-128, (2013)
• [34] Liu, X., Liu, J., “A Two-layerd Permission-based Android Malware Detection Scheme”, 2nd IEEE International Conference on Mobile Cloud Com-puting, Services and Engineering, Oxford, 142-148, (2014)
• [35] ] Liu, W., “Multiple classifier system based android malware detection”, Internation Conference on Machine Learning and Cybernetics, Tianjin, 57-62, (2013)
• [36] Sheen, S., Anitha, R., Natarajan, V., “Android based malware detection using a multifeature collabora-tive decision fusion approach”, Neurocomputing, 905-912, (2015)
• [37] Shen, T., Zhongyang, Y., Xin, Z., “Detect Android Malware Variants using Component Based Topo-logy Graph”, IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, Beijing, 406-413, (2014)
• [38] Kabakus, A.T., Dogru, I.A., Aydın, C., “APK Au-ditor: Permission-based Android Malware Detec-tion Systems”, Digital Investigation, 1-14, (2015).
• [39] Yılmaz, E., Koğar H., “Uç Değerle Baş Etmede Kul-lanılan Farklı Tekniklerin Bazı İstatistiksel Analiz Sonuçları Üzerindeki Etkisi”, Journal of Education, 61-67, (2015).