Android application classification and anomaly detection with graph-based permission patterns

Sokolova, Karina; Pérez, Charles; Lemercier, Marc

doi:10.1016/j.dss.2016.09.006

Cited by 45 publications

(25 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…We figured out interesting directions for our future work as follows. Since AndroClass utilizes the features representing the actual functionalities and underlying behaviors of apps, we can apply it to malware detection [15,21] and malware classification (i.e., detecting the malware family) [52,53] as well. However, we need to make some minor changes in AndroClass to make it adapted to the aforementioned topics.…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

AndroClass: An Effective Method to Classify Android Applications by Applying Deep Neural Networks to Comprehensive Features

Hamedani

Shin

Lee

et al. 2018

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Android application (app) stores contain a huge number of apps, which are manually classified based on the apps’ descriptions into various categories. However, the predefined categories or apps descriptions are usually not very accurate to reflect the real functionalities of apps, thereby leading to misclassify the apps, which may cause serious security issues and unreliability problem in the app store. Therefore, the automatic app classification is an important demand to construct a secure, reliable, integrated, and easy to navigate app store. In this paper, we propose an effective method called AndroClass to automatically classify apps based on their real functionalities by using rich and comprehensive features representing the actual functionalities of the apps. AndroClass performs three steps of feature extraction, feature refinement, and classification. In the feature extraction step, we extract 14 various features for each app by utilizing a unified tool suite. In the feature refinement step, we apply Random Forest algorithm to refine the features. In the classification step, we combine refined features into a single one and AndroClass is equipped with K-Nearest Neighbor, Naive Bayes, Support Vector Machine, and Deep Neural Network to classify apps. On the contrary to the existing methods, all the utilized features in AndroClass are stable and clearly represent the actual functionalities of the app, AndroClass does not pose any issues to the user privacy, and our method can be applied to classify unreleased or newly released apps. The results of extensive experiments with two real-world datasets and a dataset constructed by human experts demonstrate the effectiveness of AndroClass where the classification accuracy of AndroClass with the latter dataset is 83.5%.

show abstract

Section: Resultsmentioning

confidence: 99%

“…In the literature, significant attentions have been paid to the topic of malware detection such as the studies in [1,6,7,9,[14][15][16][17][18][19][20][21][22][23][24][25]. However, very fewer efforts have been devoted to the classification of apps.…”

Section: Introductionmentioning

confidence: 99%

AndroClass: An Effective Method to Classify Android Applications by Applying Deep Neural Networks to Comprehensive Features

Hamedani

Shin

Lee

et al. 2018

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…In the study of Sokolova et al, a system was proposed that characterizes normal behaviors for each application category and emphasizes expected permission requests. Moreover, category patterns and central permissions are obtained using graph analysis metrics [16]. The models obtained are evaluated by the performance of the application classification based on the categories developed [16].…”

Section: Static Analysis Methodsmentioning

confidence: 99%

Web-Based Android Malicious Software Detection and Classification System

Doğru¹,

Kiraz²

2018

Applied Sciences

View full text Add to dashboard Cite

Android is the most used operating system (OS) by mobile devices. Since applications uploaded to Google Play and other stores are not analyzed comprehensively, it is not known whether the applications are malicious software or not. Therefore, there is an urgent need to analyze these applications regarding malicious software. Moreover, mobile devices have limited resources to analyze the applications. In this study, a malicious detection system named “Web-Based Android Malicious Software Detection and Classification System” was developed. The system is based on client-server architecture, static analysis and web-scraping methods. The proposed system overcomes the resource restriction issue, as well as providing third-party service support by means of client-server architecture. Based on the performance evaluation conducted in this research, the developed system’s success rate is 97.62% on benign and malicious datasets.

show abstract

“…opcode n-grams) was used to construct feature vectors that used in Android apps' classification. Moreover, the number of common permissions between a given application and a specific category pattern has been used as a feature in [92].…”

Section: Semantic Featuresmentioning

confidence: 99%

The Android malware detection systems between hope and reality

2019

View full text Add to dashboard Cite

The widespread use of Android-based smartphones made it an important target for malicious applications' developers. So, a large number of frameworks have been proposed to tackle the huge number of daily published malwares. Despite there are many review papers that have been conducted in order to shed light on the works that achieved in Android malware analysing domain, the number of conducted review papers do not fit with the importance of this research field and with the volume of achieved works. Also, there is no comprehensive taxonomy for all research trends in the field of analysing malicious applications targeting the Android system. Furthermore, none of the existing review papers contains a schematic model that makes it easy for the reader to know the methods and methodologies used in a particular field of research without much effort. This paper aims at proposing a comprehensive taxonomy and suggesting a new schematic review approach. To this end, a review of a large number of works that achieved between 2009 and 2019 has been conducted. The achieved study includes more than 200 papers that have different goals such as apps' behaviour analysis, automatic user interface triggers or packer/unpacker frameworks development. Also, a comprehensive taxonomy has been proposed so that most of the previous works can be classified under it. To the best of our knowledge, the suggested taxonomy is the widest and the most comprehensive in terms of the covered research trends. Moreover, we have proposed a detailed schematic model (called Schematic Review Model) illustrates the process of detecting the malignant applications of an Android in the light of the studied works and the proposed taxonomy. To our knowledge, this is the first time that the Android malware detection methods have been explained in this way with this amount of detail. Furthermore, the studied researches have been analysed according to multiple criteria such as used analysing method, used features, used detection method, and used dataset. Also, the features used in the studied works were discussed in detail by dividing it into multiple classes. Moreover, the challenges facing Android's malware analysing methods were discussed in detail. Finally, it has been concluded that there are gaps between the size and the goal of the conducted works and the number of malicious apps published every day, so some future works areas have been proposed and discussed.

show abstract

Android application classification and anomaly detection with graph-based permission patterns

Cited by 45 publications

References 8 publications

AndroClass: An Effective Method to Classify Android Applications by Applying Deep Neural Networks to Comprehensive Features

AndroClass: An Effective Method to Classify Android Applications by Applying Deep Neural Networks to Comprehensive Features

Web-Based Android Malicious Software Detection and Classification System

The Android malware detection systems between hope and reality

Contact Info

Product

Resources

About