Index Terms: Smart phones, Malwares, security, permission violation, malware detection, mobile devices, Android, security

Size: px

Start display at page:

Download "Index Terms: Smart phones, Malwares, security, permission violation, malware detection, mobile devices, Android, security"

Cory Austin
8 years ago
Views:

1 Permission Based Malware Detection Approach Using Naive Bayes Classifier Technique For Android Devices. Pranay Kshirsagar, Pramod Mali, Hrishikesh Bidwe. Department Of Information Technology G. S. Moze College of Engineering, Pune, India A B S T R A C T Mobile computing has grown over period of 5 years with a great popularity. Devices such as Smart phones, PDA s and Tablets have become popular by increasing number and complexity of their capabilities. Android has become the main target of Malware developers in past few years. The malware threat for mobile phones is expected to increase with the functionality enhancement of mobile phones. In fact malicious applications and hackers are taking advantage of both the limited capabilities and lack of standard security mechanism. One of Android`s main defense mechanism against malicious apps is a permission based access control mechanism. So, it becomes necessary to have some effective and probabilistic detection and preventive mechanisms. Index Terms: Smart phones, Malwares, security, permission violation, malware detection, mobile devices, Android, security I. INTRODUCTION A. Need Mobile computing has grown in recent years with a great popularity. Devices, such as Smartphone, Tablets and PDAS, have become popular by increasing the number and complexity of their capabilities. The malware threat for mobile phones is expected to increase with the functionality enhancement of mobile phones. In fact, malicious users and hackers are taking advantage of both the limited capabilities of mobile devices and the lack of standard security mechanisms. So, it becomes necessity of users to have effective and probabilistic detection and prevention techniques. Our system will monitor various permission based features and events obtained from the android applications, and analyze these features by using machine learning classifiers to detect whether the application is good ware or malware. Figure 1. Application of Android Device Security B. Basic Concept , IJAFRC and NCRTIT 2015 All Rights Reserved

com A B S T R A C T Mobile computing has grown over period of 5 years with a great popularity.

2 The Entry of Malwares in an Android device causes the performance issues such as Junk Code insertion, code integration; security issues such as, renaming, memory access reordering and session hijacking. At this point of infection, the virus hijacks the control of the program after the program has been launched, overwrite program, import table addresses and function call instructions, program or inject its code into unused sections of a program code. On the other hand, malware has some basic strategies adopted on a cell phone viz; By creating a new process to launch its attack. By redirecting the program flow of a legitimate application in order to execute its malicious code within a legitimate security context (e.g. messaging process). By access to personal data for a purpose of misuse. II. ADVANTAGES A. Secure Messaging Phones however, may vary in their abilities to interact securely with the business network. Usage of antimalware applications lets the application to interact safely with these services without opening up security holes. The even better approach will be to remove device from network as per the security provisions. B. Content Management The android mobiles have content in the form of images, videos, documents, etc. The secure management of these contents is much important issue while dealing with mobile data security. The usage of antimalware applications lets the android user to care for their data by assuring them content security of their data. C. An Integrated Firewall Smart phones generally, do not include a firewall. Mobile data security applications cover up this lack, enforcing firewall capacities on these devices which lets the android device to stay safe from malicious attacks. D. Integration of device performance The infection of malware causes insertion of junk codes and creating unnecessary processes which causes degradation of performance. The usage of anti-malware applications lets the android user to integrate the device performance in the sense of disallowing junk code insertion. III. PROPOSED SYSTEM In our system, we proposed the more comprehensive detection techniques than the existing ones. Our proposed malware detection approach is based on apps permissions checking those request the access to resources , IJAFRC and NCRTIT 2015 All Rights Reserved

At this point of infection, the virus hijacks the control of the program after the program has been launched, overwrite program, import table addresses and function call instructions, program or

3 With application of data mining we have identified real permissions required by the application, and adopted the features by that application. With extraction of apps permission from their.apk file The probabilities will be calculated with Naïve bayes classifier to detect whether the application is goodware or malware. 5. The blacklisting will be provided for malicious applications. IV. OBJECTIVES To provide more comprehensive protection. To improve the system performance. Securing the access to device resources. Blocking the sources of malicious application V. ARCHITECTURE OF SYSTEM Figure 2. Malware Detection Framework As shown in above architecture diagram, the proposed system has focus on malware detection using permission based approach. For the said initiative, the resource access permissions are extracted from file androidmanifest.xml showing the currently acquired permissions by an application. Following are some the permissions requested by application while at the time of installation. 1. android.permission.change_configuration- It permits the application to change the configuration of system; may alter the resource usage permission for user of their mobile device. This could make user unable to use their device resources. 2. android.permission.call_phone- It permits the application to make call from user s phone itself without notification to user. This may charge money to the user , IJAFRC and NCRTIT 2015 All Rights Reserved

OBJECTIVES To provide more comprehensive protection. To improve the system performance. Securing the access to device resources. Blocking the sources of malicious application V.

4 3. android.permission.internet- The application request access to INTERNET permission when application is installed. The user can allow this permission request because they do not know this permission request is important or not. Every application does not require this permission request. If an application does not require INTERNET permission but if it requests the same, this application cannot be defined as normal application. INTERNET permission request is one of the dangerous features because the malware application can send user privacy information or personal data to their websites. 4. android.permission.write_sms- It permits the application to write the message without any notification to user. 5. android.permission.send_sms- The application can send SMS message so that the money can be lost by installing similar applications with this permission request. For each Android application, we will retrieve several selected features from the corresponding application package (APK) file. In addition, we could identify real permissions required by the application, and adopted the features for malware detection. The values of selected features are stored as a binary number (0 or 1) The malware database at server will have the history of previously known malwares and trained data set developed using data mining technique. Where the prediction will be done using the Naïve Bayes classifier Technique. Using this technique we could easily and probably identify whether the application is malware or good ware. VI. FUTURE SCOPE The described technique deals with malwares that enters the system or mobile devices through violation of resource access permission. This helps to keep system protected from malwares. As a future work, we are looking towards malware detection based on their semantic with automation. VII. CONCLUSION To provide well-rounded protection for android devices, a security suite such as more comprehensive and effective mechanism is needed for the protection of android smartphones from malwares and malicious applications. VIII. REFERENCES [1] V. Rastogi, Y. Chen, and X. Jiang, DroidChameleon in Proc. ACM ASIACCS, May 2013, pp [2] M. Fredrikson, S. Jha, M. Christodorescu, R. Sailer, and X. Yan, Synthesizing near-optimal malware specifications from suspicious behaviors, in Proc. IEEE Symp. SP, May 2010, pp , IJAFRC and NCRTIT 2015 All Rights Reserved

If an application does not require INTERNET permission but if it requests the same, this application cannot be defined as normal application.

5 [3] Y. Zhou and X. Jiang, Dissecting android malware: Characterization and evolution, in Proc. IEEE Symp. Security Privacy, May 2012,pp [4] V. Rastogi, Y. Chen, and X. Jiang, Catch Me If You Can: Evaluating Android antimalware against transformation attacks, in Proc. IEEE Symp. SP, January [5] Cen L, Gates C, A Probabilistic Discriminative Model for Android Malware Detection with Decompiled Source Code, in secure computing, Sep2014. [6] Xing Liu, Jiqiang Liu, A Two-layered Permission-based Android Malware Detection Scheme, in Proc. IEEE Symp. Mobile Cloud Computing, [7] M. Fredrikson, S. Jha, M. Christodorescu, R. Sailer, and X. Yan, Synthesizing near-optimal malware specifications from suspicious behaviors, in Proc. IEEE Symp. SP, May 2010, pp [8] Y. Zhou and X. Jiang, Dissecting android malware: Characterization and evolution, in Proc. IEEE Symp. Security Privacy, May 2012, pp [9] Zarni Aung, Win Zaw, Permission-Based Android Malware Detection, in Proc. IJSTR, MARCH , IJAFRC and NCRTIT 2015 All Rights Reserved

[5] Cen L, Gates C, A Probabilistic Discriminative Model for Android Malware Detection with Decompiled Source Code, in secure computing, Sep2014.

Research on Monitoring Method of. Permission Requests by Mobile Applications

Contemporary Engineering Sciences, Vol. 7, 2014, no. 31, 1683-1689 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ces.2014.411226 Research on Monitoring Method of Permission Requests by Mobile