Research Article
Permission Comparison Based Malware Detection System for Android Mobile Applications

Year 2017, Volume: 20 Issue: 1, 175 - 189, 01.03.2017

Abstract

Mobile applications build their own security and privacy models on top of permission-based models. If an application needs to access sensitive data on the mobile device it is installed on, it has to define only the permissions required to make the system calls for that access. However, some applications request extra permissions that they do not need and may later use them for suspicious database access. This study aims to identify those extra requested permissions and to use them in the security and privacy model. Using the proposed methodology, the risk values of applications are determined against pre-determined levels within datasets. The approach uses static analysis and code analysis together: the permissions an application requests and the permissions it uses are determined separately, and the applications that request extra permissions are identified. Then, using the produced formula, a suspicion value is determined for every application, and applications are classified as malicious or benign according to this value. The approach was applied to existing datasets; the results were compared and the accuracy level was determined. The aim of this newly developed method is to detect malicious applications on the Android operating system and to create a safer Android environment for users.


Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti

Abstract

Mobile applications build their own security and privacy models through permission-based models. If applications want to access any sensitive data on the mobile devices they are installed on, they should define only the permissions they need for this access. However, some applications request extra permissions beyond those they will need and may later use them for suspicious resource accesses. In this study, the risk values of applications are determined with the chosen method, using datasets and according to previously defined levels. Static analysis and code analysis methods are used together. Under this approach, the permissions that applications request and the permissions they use are determined, and the applications that request extra permissions are identified. Then, using the proposed formula, a suspicion value is determined for each application, and applications are classified as malicious or benign according to this value. The approach was applied to existing datasets, the results were compared, and the accuracy level was determined. The aim of this newly developed method is to detect malicious software on the Android operating system and to create a safer Android environment for users.


Details

Primary Language Turkish
Subjects Engineering
Journal Section Research Article
Authors

Recep Sinan Arslan

İbrahim Alper Doğru

Necaattin Barışçı

Publication Date March 1, 2017
Submission Date May 21, 2016
Published in Issue Year 2017 Volume: 20 Issue: 1

Cite

APA Arslan, R. S., Doğru, İ. A., & Barışçı, N. (2017). Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti. Politeknik Dergisi, 20(1), 175-189.
AMA Arslan RS, Doğru İA, Barışçı N. Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti. Politeknik Dergisi. March 2017;20(1):175-189.
Chicago Arslan, Recep Sinan, İbrahim Alper Doğru, and Necaattin Barışçı. “Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti”. Politeknik Dergisi 20, no. 1 (March 2017): 175-89.
EndNote Arslan RS, Doğru İA, Barışçı N (March 1, 2017) Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti. Politeknik Dergisi 20 1 175–189.
IEEE R. S. Arslan, İ. A. Doğru, and N. Barışçı, “Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti”, Politeknik Dergisi, vol. 20, no. 1, pp. 175–189, 2017.
ISNAD Arslan, Recep Sinan et al. “Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti”. Politeknik Dergisi 20/1 (March 2017), 175-189.
JAMA Arslan RS, Doğru İA, Barışçı N. Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti. Politeknik Dergisi. 2017;20:175–189.
MLA Arslan, Recep Sinan et al. “Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti”. Politeknik Dergisi, vol. 20, no. 1, 2017, pp. 175-89.
Vancouver Arslan RS, Doğru İA, Barışçı N. Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti. Politeknik Dergisi. 2017;20(1):175-89.