
MalPat: Mining Patterns of Malicious and Benign Android Apps via Permission-Related APIs

Bibliographic Details
Published in: IEEE transactions on reliability 2018-03, Vol.67 (1), p.355-369
Main Authors: Tao, Guanhong, Zheng, Zibin, Guo, Ziying, Lyu, Michael R.
Format: Article
Language: English
Description
Summary: The dramatic rise of Android application (app) marketplaces has significantly gained the success of convenience for mobile users. Consequently, with the advantage of numerous Android apps, Android malware seizes the opportunity to steal privacy-sensitive data by pretending to provide functionalities as benign apps do. To distinguish malware from millions of Android apps, researchers have proposed sophisticated static and dynamic analysis tools to automatically detect and classify malicious apps. Most of these tools, however, rely on manual configuration of lists of features based on permissions, sensitive resources, intents, etc., which are difficult to come by. To address this problem, we study real-world Android apps to mine hidden patterns of malware and are able to extract highly sensitive APIs that are widely used in Android malware. We also implement an automated malware detection system, MalPat, to fight against malware and assist Android app marketplaces to address unknown malicious apps. Comprehensive experiments are conducted on our dataset consisting of 31 185 benign apps and 15 336 malware samples. Experimental results show that MalPat is capable of detecting malware with a high F_1 score (98.24%) comparing with the state-of-the-art approaches.
ISSN: 0018-9529, 1558-1721
DOI: 10.1109/TR.2017.2778147