• Title/Summary/Keyword: Android Apps

Search Result 132, Processing Time 0.019 seconds

Intelligent Android Malware Detection Using Radial Basis Function Networks and Permission Features

  • Abdulrahman, Ammar;Hashem, Khalid;Adnan, Gaze;Ali, Waleed
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.6
    • /
    • pp.286-293
    • /
    • 2021
  • Recently, the quick development rate of apps in the Android platform has led to an accelerated increment in creating malware applications by cyber attackers. Numerous Android malware detection tools have utilized conventional signature-based approaches to detect malware apps. However, these conventional strategies can't identify the latest apps on whether applications are malware or not. Many new malware apps are periodically discovered but not all malware Apps can be accurately detected. Hence, there is a need to propose intelligent approaches that are able to detect the newly developed Android malware applications. In this study, Radial Basis Function (RBF) networks are trained using known Android applications and then used to detect the latest and new Android malware applications. Initially, the optimal permission features of Android apps are selected using Information Gain Ratio (IGR). Appropriately, the features selected by IGR are utilized to train the RBF networks in order to detect effectively the new Android malware apps. The empirical results showed that RBF achieved the best detection accuracy (97.20%) among other common machine learning techniques. Furthermore, RBF accomplished the best detection results in most of the other measures.

Android App Reuse Analysis using the Sequential Hypothesis Testing

  • Ho, Jun-Won
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.8 no.4
    • /
    • pp.11-18
    • /
    • 2016
  • Due to open source policy, Android systems are exposed to a variety of security problems. In particular, app reuse attacks are detrimental threat to the Android system security. This is because attacker can create core malign components and quickly generate a bunch of malicious apps by reusing these components. Hence, it is very imperative to discern whether Android apps contain reused components. To meet this need, we propose an Android app reuse analysis technique based on the Sequential Hypothesis Testing. This technique quickly makes a decision with a few number of samples whether a set of Android apps is made through app reuse. We performed experimental study with 6 malicious app groups, 1 google and 1 third-party app group such that each group consists of 100 Android apps. Experimental results demonstrate that our proposed analysis technique efficiently judges Android app groups with reused components.

Intelligent Approach for Android Malware Detection

  • Abdulla, Shubair;Altaher, Altyeb
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.8
    • /
    • pp.2964-2983
    • /
    • 2015
  • As the Android operating system has become a key target for malware authors, Android protection has become a thriving research area. Beside the proved importance of system permissions for malware analysis, there is a lot of overlapping in permissions between malware apps and goodware apps. The exploitation of them effectively in malware detection is still an open issue. In this paper, to investigate the feasibility of neuro-fuzzy techniques to Android protection based on system permissions, we introduce a self-adaptive neuro-fuzzy inference system to classify the Android apps into malware and goodware. According to the framework introduced, the most significant permissions that characterize optimally malware apps are identified using Information Gain Ratio method and encapsulated into patterns of features. The patterns of features data is used to train and test the system using stratified cross-validation methodologies. The experiments conducted conclude that the proposed classifier can be effective in Android protection. The results also underline that the neuro-fuzzy techniques are feasible to employ in the field.

Detection of Privacy Information Leakage for Android Applications by Analyzing API Inter-Dependency and the Shortest Distance (API간 상호 의존성 및 최단거리 분석을 통한 안드로이드 애플리케이션의 개인정보 유출 탐지 기법)

  • Kim, Dorae;Park, Yongsu
    • Journal of KIISE
    • /
    • v.41 no.9
    • /
    • pp.707-714
    • /
    • 2014
  • In general, the benign apps transmit privacy information to the external to provide service to users as the malicious app does. In other words, the behavior of benign apps is similar to the one of malicious apps. Thus, the benign app can be easily manipulated for malicious purposes. Therefore, the malicious apps as well as the benign apps should notify the users of the possibility of privacy information leakage before installation to prevent the potential malicious behavior. In this paper, We propose the method to detect leakage of privacy information on the android app by analyzing API inter-dependency and shortest distance. Also, we present LeakDroid which detects leakage of privacy information on Android with the above method. Unlike dynamic approaches, LeakDroid analyzes Android apps on market site. To verify the privacy information leakage detection of LeakDroid, we experimented the well-known 250 malicious apps and the 1700 benign apps collected from Android Third party market. Our evaluation result shows that LeakDroid reached detection rate of 96.4% in the malicious apps and detected 68 true privacy information leakages inside the 1700 benign apps.

Normal and Malicious Application Pattern Analysis using System Call Event on Android Mobile Devices for Similarity Extraction (안드로이드 모바일 정상 및 악성 앱 시스템 콜 이벤트 패턴 분석을 통한 유사도 추출 기법)

  • Ham, You Joung;Lee, Hyung-Woo
    • Journal of Internet Computing and Services
    • /
    • v.14 no.6
    • /
    • pp.125-139
    • /
    • 2013
  • Distribution of malicious applications developed by attackers is increasing along with general normal applications due to the openness of the Android-based open market. Mechanism that allows more accurate ways to distinguish normal apps and malicious apps for common mobile devices should be developed in order to reduce the damage caused by the rampant malicious applications. This paper analysed the normal event pattern from the most highly used game apps in the Android open market to analyse the event pattern from normal apps and malicious apps of mobile devices that are based on the Android platform, and analysed the malicious event pattern from the malicious apps and the disguising malicious apps in the form of a game app among 1260 malware samples distributed by Android MalGenome Project. As described, experiment that extracts normal app and malicious app events was performed using Strace, the Linux-based system call extraction tool, targeting normal apps and malicious apps on Android-based mobile devices. Relevance analysis for each event set was performed on collected events that occurred when normal apps and malicious apps were running. This paper successfully extracted event similarity through this process of analyzing the event occurrence characteristics, pattern and distribution on each set of normal apps and malicious apps, and lastly suggested a mechanism that determines whether any given app is malicious.

The Detection of Android Malicious Apps Using Categories and Permissions (카테고리와 권한을 이용한 안드로이드 악성 앱 탐지)

  • Park, Jong-Chan;Baik, Namkyun
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.26 no.6
    • /
    • pp.907-913
    • /
    • 2022
  • Approximately 70% of smartphone users around the world use Android operating system-based smartphones, and malicious apps targeting these Android platforms are constantly increasing. Google has provided "Google Play Protect" to respond to the increasing number of Android targeted malware, preventing malicious apps from being installed on smartphones, but many malicious apps are still normal. It threatens the smartphones of ordinary users registered in the Google Play store by disguising themselves as apps. However, most people rely on antivirus programs to detect malicious apps because the average user needs a great deal of expertise to check for malicious apps. Therefore, in this paper, we propose a method to classify unnecessary malicious permissions of apps by using only the categories and permissions that can be easily confirmed by the app, and to easily detect malicious apps through the classified permissions. The proposed method is compared and analyzed from the viewpoint of undiscovered rate and false positives with the "commercial malicious application detection program", and the performance level is presented.

A String Analysis based System for Classifying Android Apps Accessing Harmful Sites (유해 사이트를 접속하는 안드로이드 앱을 문자열 분석으로 검사하는 시스템)

  • Choi, Kwang-Hoon;Ko, Kwang-Man;Park, Hee-Wan;Youn, Jong-Hee
    • The KIPS Transactions:PartA
    • /
    • v.19A no.4
    • /
    • pp.187-194
    • /
    • 2012
  • This paper proposes a string analysis based system for classifying Android Apps that may access so called harmful sites, and shows an experiment result for real Android apps on the market. The system first transforms Android App binary codes into Java byte codes, it performs string analysis to compute a set of strings at all program points, and it classifies the Android App as bad ones if the computed set contains URLs that are classified because the sites provide inappropriate contents. In the proposed approach, the system performs such a classification in the stage of distribution before installing and executing the Apps. Furthermore, the system is suitable for the automatic management of Android Apps in the market. The proposed system can be combined with the existing methods using DNS servers or monitoring modules to identify harmful Android apps better in different stages.

A Study on Detection of Malicious Android Apps based on LSTM and Information Gain (LSTM 및 정보이득 기반의 악성 안드로이드 앱 탐지연구)

  • Ahn, Yulim;Hong, Seungah;Kim, Jiyeon;Choi, Eunjung
    • Journal of Korea Multimedia Society
    • /
    • v.23 no.5
    • /
    • pp.641-649
    • /
    • 2020
  • As the usage of mobile devices extremely increases, malicious mobile apps(applications) that target mobile users are also increasing. It is challenging to detect these malicious apps using traditional malware detection techniques due to intelligence of today's attack mechanisms. Deep learning (DL) is an alternative technique of traditional signature and rule-based anomaly detection techniques and thus have actively been used in numerous recent studies on malware detection. In order to develop DL-based defense mechanisms against intelligent malicious apps, feeding recent datasets into DL models is important. In this paper, we develop a DL-based model for detecting intelligent malicious apps using KU-CISC 2018-Android, the most up-to-date dataset consisting of benign and malicious Android apps. This dataset has hardly been addressed in other studies so far. We extract OPcode sequences from the Android apps and preprocess the OPcode sequences using an N-gram model. We then feed the preprocessed data into LSTM and apply the concept of Information Gain to improve performance of detecting malicious apps. Furthermore, we evaluate our model with numerous scenarios in order to verify the model's design and performance.

The Effect of Background Services on Android Smartphone Performance (백그라운드 서비스가 안드로이드 스마트폰의 성능에 미치는 영향)

  • Ahn, Woo Hyun;Oh, Yunseok;Oh, Jaewon
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.22 no.3
    • /
    • pp.399-410
    • /
    • 2018
  • In Android smartphones, many apps are developed as service apps to run in the background. If the memory is insufficient, Android forcibly terminates not only user apps that have not used the CPU for a long time, but also service apps. However, a service app is automatically re-launched after a short period of time, so that it continuously consumes memory space. This paper analyzes the number of running service apps and their memory usage in users' smartphones. The number of service apps accounts for up to 65% of the total number of running apps, and their memory usage accounts for up to 55% of the total memory. Moreover, we investigate the effect of the number of running service apps on the response time of smartphones and apps. As the number of service apps increases, the launching time of user apps increases to 22 times. The booting time and app installation time significantly increase with the number of service apps.

Trend Analysis of Malwares in Social Information Based Android Market (소셜 기반 안드로이드 마켓에서 악성 앱 경향성 분석)

  • Oh, Hayoung;Goo, EunHee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.6
    • /
    • pp.1491-1498
    • /
    • 2017
  • As the use of smartphones and the launch of various apps have increased rapidly, the number of malicious apps has also increased, and the damage is continuing. The Google Market where Android apps are registered is inevitably present at the same time as normal apps and malicious apps even though there are regulations for app registration. Especially, as social networks are activated, users are connected with social networks, and the ratings, downloads and awareness information are reflected in the number of downloaded apps. As a result, when users choose their apps by simply reflecting ratings, popularity, popular comments, and highly-categorized apps, malicious app downloads can sometimes cause significant harm. Therefore, this study first analyzed the tendency of malicious apps by directly crawling and analyzing long-term social information in the currently active Android market.