APK Auditor: Permission-based Android malware detection system

Kabakuş, Abdullah Talha; Alper, Dogru Ibrahim; Çetin, A. Enis

doi:10.1016/j.diin.2015.01.001

Cited by 213 publications

(84 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Commonly, Android applications are investigated by analyzing the AndroidManifest.xml, the DEX file or both (Talha et al, 2015). The XML-file processing is straightforward e convert binary into text and parse it.…”

Section: Related Workmentioning

confidence: 99%

Rapid Android Parser for Investigating DEX files (RAPID)

Zhang

Breitinger

Baggili

2016

Digital Investigation

View full text Add to dashboard Cite

a b s t r a c tAndroid malware is a well-known challenging problem and many researchers/vendors/ practitioners have tried to address this issue through application analysis techniques. In order to analyze Android applications, tools decompress APK files and extract relevant data from the Dalvik EXecutable (DEX) files. To acquire the data, investigators either use decompiled intermediate code generated by existing tools, e.g., Baksmali or Dex2jar or write their own parsers/dissemblers. Thus, they either need additional time because of decompiling the application into an intermediate representation and then parsing text files, or they reinvent the wheel by implementing their own parsers. In this article, we present Rapid Android Parser for Investigating DEX files (RAPID) which is an open source and easy-to-use JAVA library for parsing DEX files. RAPID comes with well-documented APIs which allow users to query data directly from the DEX binary files. Our experiments reveal that RAPID outperforms existing approaches in terms of runtime efficiency, provides better reliability (does not crash) and can support dynamic analysis by finding critical offsets. Notably, the processing time for our sample set of 22.35 GB was only 1.5 h with RAPID while the traditional approaches needed about 23 h (parsing and querying).

show abstract

Section: Related Workmentioning

confidence: 99%

Rapid Android Parser for Investigating DEX files (RAPID)

Zhang

Breitinger

Baggili

2016

Digital Investigation

View full text Add to dashboard Cite

show abstract

“…Permissions are actively granted by the user when an app is installed, and they are mainly used to limit the use of some functions and the access to some components among apps. In previous research works [22,23], Android malware would request some particular permissions more frequently than benign samples. For example, majority of malware would request the SEND SMS permission to send out premium SMS messages.…”

Section: Android Apps Profilingmentioning

confidence: 99%

Mlifdect: Android Malware Detection Based on Parallel Machine Learning and Information Fusion

Wang

Zhang

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

In recent years, Android malware has continued to grow at an alarming rate. More recent malicious apps' employing highly sophisticated detection avoidance techniques makes the traditional machine learning based malware detection methods far less effective. More specifically, they cannot cope with various types of Android malware and have limitation in detection by utilizing a single classification algorithm. To address this limitation, we propose a novel approach in this paper that leverages parallel machine learning and information fusion techniques for better Android malware detection, which is named Mlifdect. To implement this approach, we first extract eight types of features from static analysis on Android apps and build two kinds of feature sets after feature selection. Then, a parallel machine learning detection model is developed for speeding up the process of classification. Finally, we investigate the probability analysis based and Dempster-Shafer theory based information fusion approaches which can effectively obtain the detection results. To validate our method, other state-of-the-art detection works are selected for comparison with real-world Android apps. The experimental results demonstrate that Mlifdect is capable of achieving higher detection accuracy as well as a remarkable run-time efficiency compared to the existing malware detection solutions.

show abstract

“…Authors demonstrate accuracy as high as 99% for SVM, Decision Tree, and Random Forest under specific configuration using a high volume data set. In the same mind-set, the APK Auditor [17] relies on logistic regression, while evaluates its performance using a dataset of 6900 malware and 1850 benign apps. Results indicate accuracy up to 88%.…”

Section: Permissionsmentioning

confidence: 99%

Towards a Mobile Malware Detection Framework with the Support of Machine Learning

Geneiatakis

Baldini

Fovino

et al. 2018

Communications in Computer and Information Science

View full text Add to dashboard Cite

Abstract. Several policies initiatives around the digital economy stress on one side the centrality of smartphones and mobile applications, and on the other call for attention on the threats to which this ecosystem is exposed to. Lately, a plethora of related works rely on machine learning algorithms to classify whether an application is malware or not, using data that can be extracted from the application itself with high accuracy. However, different parameters can influence machine learning effectiveness. Thus, in this paper we focus on validating the efficiency of such approaches in detecting malware for Android platform, and identifying the optimal characteristics that should be consolidated in any similar approach. To do so, we built a machine learning solution based on features that can be extracted by static analysis of any Android application, such as activities, services, broadcasts, receivers, intent categories, APIs, and permissions. The extracted features are analyzed using statistical analysis and machine learning algorithms. The performance of different sets of features are investigated and compared. The analysis shows that under an optimal configuration an accuracy up to 97% can be obtained.

show abstract

APK Auditor: Permission-based Android malware detection system

Cited by 213 publications

References 5 publications

Rapid Android Parser for Investigating DEX files (RAPID)

Rapid Android Parser for Investigating DEX files (RAPID)

Mlifdect: Android Malware Detection Based on Parallel Machine Learning and Information Fusion

Towards a Mobile Malware Detection Framework with the Support of Machine Learning

Contact Info

Product

Resources

About