Detection of Android Malware based on Sequence Alignment of Permissions
Permissions control access to critical resources on Android, and any weakness arising from their exploitation can be of great interest to attackers. Investigating the associations between permissions can reveal patterns that help defend against attacks. To this end, this paper proposes an approach based on sequence alignment of requested permissions to identify similarities between applications. Permission patterns for malicious and normal samples are determined and used to compute a similarity score. The nature of an application is then decided by comparing this score against a judiciously computed threshold. Experiments were carried out on a dataset of 534 malicious samples (300 training and 234 testing) and 534 normal samples (300 training and 234 testing). Our approach recognized testing samples (either malware or normal) with an accuracy of 79%, an average precision of 76% and an average recall of 75%. This research shows that sequence alignment can improve malware detection research.
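The pipeline the abstract describes (align requested permissions, score similarity against malicious and normal patterns, decide with a threshold) can be sketched as follows. This is an added example, not the paper's code: the choice of Needleman-Wunsch global alignment, the scoring values, the alphabetical ordering of permissions, the pattern lists and the threshold are all assumptions made for illustration.

```python
# Added illustration, not the paper's code. Scoring values, the pattern
# lists and the threshold are constructed assumptions.

def nw_score(a, b, match=1, mismatch=-1, gap=-1):
    """Needleman-Wunsch global alignment score of two permission lists."""
    prev = [j * gap for j in range(len(b) + 1)]
    for i in range(1, len(a) + 1):
        cur = [i * gap]
        for j in range(1, len(b) + 1):
            diag = prev[j - 1] + (match if a[i - 1] == b[j - 1] else mismatch)
            cur.append(max(diag, prev[j] + gap, cur[j - 1] + gap))
        prev = cur
    return prev[-1]

def similarity(a, b):
    """Alignment score normalised to [-1, 1]."""
    # A manifest lists permissions in arbitrary order, so sort them first
    # to give every app the same canonical sequence (assumption).
    a, b = sorted(set(a)), sorted(set(b))
    if not a and not b:
        return 1.0
    return nw_score(a, b) / max(len(a), len(b))

def classify(perms, malicious_patterns, normal_patterns, threshold=0.0):
    """Return (label, best malicious similarity, best normal similarity)."""
    mal = max(similarity(perms, p) for p in malicious_patterns)
    ben = max(similarity(perms, p) for p in normal_patterns)
    return ("malware" if mal - ben > threshold else "normal"), mal, ben

# Constructed patterns (not taken from the paper's dataset).
MALICIOUS_PATTERNS = [["INTERNET", "READ_PHONE_STATE", "READ_SMS",
                       "RECEIVE_BOOT_COMPLETED", "SEND_SMS"]]
NORMAL_PATTERNS = [["ACCESS_NETWORK_STATE", "INTERNET", "VIBRATE", "WAKE_LOCK"]]

if __name__ == "__main__":
    samples = {
        "sms_app": ["INTERNET", "READ_SMS", "SEND_SMS", "READ_PHONE_STATE"],
        "utility_app": ["INTERNET", "ACCESS_NETWORK_STATE", "WAKE_LOCK"],
    }
    for name, perms in samples.items():
        print(name, classify(perms, MALICIOUS_PATTERNS, NORMAL_PATTERNS))
```

In practice the threshold would be tuned on the training split so that precision and recall on held-out samples can be reported, as the abstract does for its own dataset.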
Copyright (c) 2019 International Journal of Computer (IJC)
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.