[KSCI] Korea Science Citation Index Service

http://dx.doi.org/10.3837/tiis.2015.08.012

Intelligent Approach for Android Malware Detection

Abdulla, Shubair (College of Education, Instructional and Learning Technology Department, Sultan Qaboos University)
Altaher, Altyeb (Faculty of Computing and Information Technology, King Abdulaziz University)

Publication Information

KSII Transactions on Internet and Information Systems (TIIS) / v.9, no.8, 2015 , pp. 2964-2983 More about this Journal

Abstract

As the Android operating system has become a key target for malware authors, Android protection has become a thriving research area. Beside the proved importance of system permissions for malware analysis, there is a lot of overlapping in permissions between malware apps and goodware apps. The exploitation of them effectively in malware detection is still an open issue. In this paper, to investigate the feasibility of neuro-fuzzy techniques to Android protection based on system permissions, we introduce a self-adaptive neuro-fuzzy inference system to classify the Android apps into malware and goodware. According to the framework introduced, the most significant permissions that characterize optimally malware apps are identified using Information Gain Ratio method and encapsulated into patterns of features. The patterns of features data is used to train and test the system using stratified cross-validation methodologies. The experiments conducted conclude that the proposed classifier can be effective in Android protection. The results also underline that the neuro-fuzzy techniques are feasible to employ in the field.

Keywords

Android; neuro-fuzzy; malware detection; system permissions; classification;

Citations & Related Records

Reference

1	A. Shabtai, U. Kanonov, Y. Elovici, C. Glezer, and Y. Weiss, ""Andromaly": a behavioral malware detection framework for android devices," Journal of Intelligent Information Systems, vol. 38, pp. 161-190, 2012. Article (CrossRef Link) DOI
2	A.-D. Schmidt, "Detection of Smartphone Malware," Berlin Institute of Technology, 2011.
3	F. Shahzad, M. Akbar, S. Khan, and M. Farooq, "Tstructdroid: Realtime malware detection using in-execution dynamic analysis of kernel process control blocks on android," National University of Computer & Emerging Sciences, Tech. Rep, 2013.
4	N. Peiravian and X. Zhu, "Machine Learning for Android Malware Detection Using Permission and API Calls," in Proc. of Tools with Artificial Intelligence (ICTAI), 2013 IEEE 25th International Conference on, 2013, pp. 300-305. Article (CrossRef Link)
5	B. Sanz, I. Santos, C. Laorden, X. Ugarte-Pedrero, P. G. Bringas, and G. Álvarez, "Puma: Permission usage to detect malware in android," in proc. of International Joint Conference CISIS'12-ICEUTE´ 12-SOCO´ 12 Special Sessions, pp. 289-298, 2013. Article (CrossRef Link)
6	C.-Y. Huang, Y.-T. Tsai, and C.-H. Hsu, "Performance Evaluation on Permission-Based Detection for Android Malware," Advances in Intelligent Systems and Applications-Volume 2, ed: Springer, pp. 111-120, 2013. Article (CrossRef Link)
7	L. Patel and D. Sharma, "CYBER TRIANGLE," International Journal For Technological Research In Engineering, vol. 1, pp. 799-807, 2014.
8	W. Xu, F. Zhang, and S. Zhu, "Permlyzer: Analyzing permission usage in Android applications," Software Reliability Engineering (ISSRE), 2013 IEEE 24th International Symposium on, pp. 400-410, 2013. Article (CrossRef Link)
9	T. T. Gotora, K. Zvarevashe, and P. Nandan, "A Survey on the Security Fight against Ransomware and Trojans in Android," International Journal of Innovative Research in Computer and Communication Engineering, vol. 2, pp. 4115-4123, 2014.
10	Y. Zhou and X. Jiang, "Dissecting android malware: Characterization and evolution," in Security and Privacy, 2012 IEEE Symposium on, pp. 95-109, 2012. Article (CrossRef Link)
11	P. Xiong, X. Wang, W. Niu, T. Zhu, and G. Li, "Android malware detection with contrasting permission patterns," Communications, vol. 11, pp. 1-14, 2014. Article (CrossRef Link)
12	S. Mansfield-Devine, "Android malware and mitigations," Network Security, vol. 2012, pp. 12-20, 2012. Article (CrossRef Link)
13	P. Faruki, A. Bharmal, V. Laxmi, V. Ganmoor, M. Gaur, M. Conti, and R. Muttukrishnan, "Android Security: A Survey of Issues, Malware Penetration and Defenses," Communications Surveys & Tutorials, IEEE, vol. PP, pp. 1-1, 2015.
14	G. Suarez-Tangil, J. Tapiador, P. Peris-Lopez, and A. Ribagorda, "Evolution, detection and analysis of malware for smart devices," 2013.
15	R. Fedler, J. Schütte, and M. Kulicke, "On the effectiveness of malware protection on Android," Tech Repo April Fraunhofer AISEC, 2013.
16	P. Faruki, V. Laxmi, A. Bharmal, M. Gaur, and V. Ganmoor, "AndroSimilar: Robust signature for detecting variants of Android malware," Journal of Information Security and Applications, 2014.
17	Sophos Security Threat Report 2014, 2014. http://www.sophos.com/en-us/threat-center/security-threat-report.aspx
18	L.-K. Yan and H. Yin, "DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis," USENIX Security Symposium, pp. 569-584, 2012.
19	Y. Zhou, Z. Wang, W. Zhou, and X. Jiang, "Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets," in Proc. of the 19th Network and Distributed System Security Symposium (NDSS), 2012.
20	Gartner, "Worldwide Tablet Sales Grew 68 Percent in 2013, With Android Capturing 62 Percent of the Market," 2014. http://www.gartner.com/newsroom/id/2674215
21	N. K. Kasabov and Q. Song, "DENFIS: dynamic evolving neural-fuzzy inference system and its application for time-series prediction," Fuzzy Systems, IEEE Transactions on, vol. 10, pp. 144-154, 2002. Article (CrossRef Link) DOI
22	C. D. Katsis, N. Katertsidis, G. Ganiatsas, and D. I. Fotiadis, "Toward emotion recognition in car-racing drivers: A biosignal processing approach," Systems, Man and Cybernetics, Part A: Systems and Humans, IEEE Transactions on, vol. 38, pp. 502-512, 2008. Article (CrossRef Link) DOI
23	A. Shubair and A. Al-Nassiri, "kEFCM: kNN-Based Dynamic Evolving Fuzzy Clustering Method," International Journal of Advanced Computer Science and Applications (IJACSA), vol. 6 , no.2. Article (CrossRef Link)
24	T. Fushiki, "Estimation of prediction error by using K-fold cross-validation," Statistics and Computing, vol. 21, pp. 137-146, 2011. Article (CrossRef Link) DOI
25	D. L. Olson and D. Delen, “Advanced data mining techniques,” Springer, 2008.
26	R. Singh, A. Kainthola, and T. Singh, "Estimation of elastic constant of rocks using an ANFIS approach," Applied Soft Computing, vol. 12, pp. 40-45, 2012. Article (CrossRef Link) DOI
27	C. Beleites, R. Salzer, and V. Sergo, "Validation of soft classification models using partial class memberships: An extended concept of sensitivity & co. applied to grading of astrocytoma tissues," Chemometrics and Intelligent Laboratory Systems, vol. 122, pp. 12-22, 2013. Article (CrossRef Link) DOI
28	T. Fawcett, "An introduction to ROC analysis," Pattern recognition letters, vol. 27, pp. 861-874, 2006. Article (CrossRef Link) DOI
29	A. Shalaginov and K. Franke, "Automatic rule-mining for malware detection employing Neuro-Fuzzy Approach," Norsk informasjonssikkerhetskonferanse (NISK), vol. 2013, 2014.
30	T. Sumithira, A. Nirmal Kumar, and R. Ramesh Kumar, "An adaptive neuro-fuzzy inference system (ANFIS) based Prediction of Solar Radiation: A Case study," Journal of Applied Sciences Research, vol. 8, 2012.
31	A. Shubair, S. Ramadass, and A. A. Altyeb, "kENFIS: kNN-based evolving neuro-fuzzy inference system for computer worms detection," Journal of Intelligent and Fuzzy Systems, 2014. Article (CrossRef Link)
32	M. Watts and N. Kasabov, "Simple evolving connectionist systems and experiments on isolated phoneme recognition," Combinations of Evolutionary Computation and Neural Networks, 2000 IEEE Symposium on, pp. 232-239, 2000. Article (CrossRef Link)
33	A. Ghobakhlou and N. Kasabov, "A methodology for adaptive speech recognition systems and a development environment," in Proc. of Artif. Neural Netw. Neural Inform. Process, pp. 316-319, 2003.
34	J.-S. Jang, "ANFIS: adaptive-network-based fuzzy inference system," Systems, Man and Cybernetics, IEEE Transactions on, vol. 23, pp. 665-685, 1993. Article (CrossRef Link) DOI
35	N. Mohdeb and M. R. Mekideche, "Determination of the relative magnetic permeability by using an adaptive neuro-fuzzy inference system and 2D-FEM," Progress In Electromagnetics Research B, vol. 22, pp. 237-255, 2010. Article (CrossRef Link) DOI
36	Android Malware Genome Project, 2014. http://www.malgenomeproject.org/
37	Q. Liang and J. M. Mendel, "Interval type-2 fuzzy logic systems: theory and design," Fuzzy Systems, IEEE Transactions on, vol. 8, pp. 535-550, 2000. Article (CrossRef Link) DOI
38	G. Dini, F. Martinelli, A. Saracino, and D. Sgandurra, "Madam: a multi-level anomaly detector for android malware," in Computer Network Security, ed: Springer, pp. 240-253, 2012. Article (CrossRef Link)
39	S. G. M. Backes, C. Hammer, M. Maffei, and P. Styp Rekowsky, “Appguard-realtime policy enforcement for thirdparty applications,” 2012. http://scidok.sulb.uni-saarland.de/volltexte/2012/4902

4	(2018) KSII Transactions on internet and information systems : TIIS A Secure Encryption-Based Malware Detection System / 12 (4) , 1799
3	(2018) Journal of Internet Computing and Services Method to Analyze Information Leakage Malware using SSL Communication in Android Platform / 19 (3) , 1
4	(2018) Wireless personal communications Using G Features to Improve the Efficiency of Function Call Graph Based Android Malware Detection / 103 (4) , 2947
6	(2015) International journal of computer science and network security : IJCSNS Intelligent Android Malware Detection Using Radial Basis Function Networks and Permission Features / 21 (6) , 286
22	(2015) Mathematics Fuzzy Integral-Based Multi-Classifiers Ensemble for Android Malware Classification / 9 (22) , 2880