A static analysis approach for Android permission-based malware detection systems

The evolution of malware is causing mobile devices to crash with increasing frequency. Therefore, adequate security evaluations that detect Android malware are crucial. Two techniques can be used in this regard: Static analysis, which meticulously examines the full codes of applications, and dynamic analysis, which monitors malware behaviour. While both perform security evaluations successfully, there is still room for improvement. The goal of this research is to examine the effectiveness of static analysis to detect Android malware by using permission-based features. This study proposes machine learning with different sets of classifiers was used to evaluate Android malware detection. The feature selection method in this study was applied to determine which features were most capable of distinguishing malware. A total of 5,000 Drebin malware samples and 5,000 Androzoo benign samples were utilised. The performances of the different sets of classifiers were then compared. The results indicated that with a TPR value of 91.6%, the Random Forest algorithm achieved the highest level of accuracy in malware detection.

HEFESTDROID: Highly Effective Features for Android Malware Detection and Analysis

Rapid globalization and advances in mobile technology have brought about phenomenal attention and great opportunities for android application developers to contribute meaningfully to the global digital market. The android mobile platform being one of the famous mobile operating systems has the highest number of applications in the digital market with a total market share of 76.23% between August 2018 and August 2019, according to a report of global stats counter. However, the substantial number of applications on the platform has led to a great number of malware attacks on the user’s privacy and sensitive documents. Consequently, a significant number of malware detection studies have been carried out to reduce the number of malware attacks. This paper analyses the impact of using highly effective android permission features to decipher the problem malware attack. The Highly Effective Features for Android Malware Detection and Analysis (HEFEST) summarises four effective android permission features to be considered in conducting malware detection analysis and classifications. The features recognized in this study are; Normal Declared Permission, Dangerous Permission, Signature-Based Permission, and Signature-or-system. The selection is based on the capabilities of the features in depicting the behaviors of android apps. The research data are drawn from Drebin open source, the dataset comprises 15,036 benign and malicious applications extracted from 215 distinct features, the records 9,026 were malicious and 6,010 benign applications. However, this research compares the detection accuracy of android permission features using machine learning-based algorithms; Support Vector Machine, and K-Nearest Neighbor to achieve a comprehensive accuracy ratio of malware detection, the classifier has a strong accuracy decision of classification and exceptional computational efficiency. The model correctly classified 2,812 out of 2,869 malicious applications appropriately with an accuracy of 98.0% and also classified 1,607 out of 1,642 accurately with a success rate of 97.9%. Generally, 98.0% of classification accuracy was archived.

A permission-dependent type system for secure information flow analysis

We introduce a novel type system for enforcing secure information flow in an imperative language. Our work is motivated by the problem of statically checking potential information leakage in Android applications. To this end, we design a lightweight type system featuring Android permission model, where the permissions are statically assigned to applications and are used to enforce access control in the applications. We take inspiration from a type system by Banerjee and Naumann to allow security types to be dependent on the permissions of the applications. A novel feature of our type system is a typing rule for conditional branching induced by permission testing, which introduces a merging operator on security types, allowing more precise security policies to be enforced. The soundness of our type system is proved with respect to non-interference. A type inference algorithm is also presented for the underlying security type system, by reducing the inference problem to a constraint solving problem in the lattice of security types. In addition, a new way to represent our security types as reduced ordered binary decision diagrams is proposed.

Android Application Security

Android is a free, open source platform that allows any developer to submit apps to the Android Market with no restrictions. This enables hackers to pass their malicious apps to the Android Market as legitimate apps. The central issue lies at the heart of the Android permission mechanism, which is not capable of blocking malicious apps from accessing sensitive phone resources (e.g., contact info and browsing history); it either allows or disallows apps from accessing the resources requested by the app at the installation time. This chapter investigated the scope of this issue and concluded that hackers use malicious apps as attack vectors to compromise Android smartphones and steal confidential data and that no security solutions exist to combat malicious apps. The researcher suggested designing a real time monitoring application to detect and deter malicious apps from compromising users' sensitive data; such application is necessary for Android users to protect their privacy and prevent financial loss.

Flaws in the Android Permission Protocol with Limited Verification

Purpose of the article: analysis of the resolution protocol implemented in the Android operating system as the most popular for smartphones and other electronic gadgets; consider a formal model of the Android permission protocol and describe the automatic security analysis of this model; identify potential flaws in the permitting protocol. Research method: A formal model of the Android permission protocol based on C++ using the Java NDK based on first-order relational logic is considered, with an analysis engine that performs limited model validation. Result. Created a formal model of Android permission protocol using C ++ using Java NDK. The model identified flaws in the Android permission protocol, and thus exposed Android security vulnerabilities. The developed Android protocol permission model consists of three parts: an Android device architecture query; Android permission scheme request; system operations. Fixed flaws in Android OS related to custom permissions vulnerability. An experiment is presented to demonstrate the feasibility and prevalence of custom permissions vulnerability in existing Android applications. Examination of real Android applications supports our finding that flaws in the Android permission protocol can have serious security implications for electronic gadget applications, and in some cases allows an attacker to completely bypass permission checks. A study of one of the vulnerabilities showed that it is widespread among many existing Android applications. Most developers do not perform any additional validation to ensure that inbound APIs come from trusted applications or vendors, assuming they may not be aware of a custom permissions vulnerability despite its potential for security breaches. The result will be useful for software developers for operating systems with permissions - Android, iOS and Fire OS.

Malicious Application Detection and Classification System for Android Mobiles

The Android Mobiles constitute a large portion of mobile market which also attracts the malware developer for malicious gains. Every year hundreds of malwares are detected in the Android market. Unofficial and Official Android market such as Google Play Store are infested with fake and malicious apps which is a warning alarm for naive user. Guided by this insight, this paper presents the malicious application detection and classification system using machine learning techniques by extracting and analyzing the Android Permission Feature of the Android applications. For the feature extraction, the authors of this work have developed the AndroData tool written in shell script and analyzed the extracted features of 1060 Android applications with machine learning algorithms. They have achieved the malicious application detection and classification accuracy of 98.2% and 87.3%, respectively with machine learning techniques.

Research on Data Mining of Permission-Induced Risk for Android IoT Devices

With the growing era of the Internet of Things (IoT), more and more devices are connecting with the Internet using android applications to provide various services. The IoT devices are used for sensing, controlling and monitoring of different processes. Most of IoT devices use Android applications for communication and data exchange. Therefore, a secure Android permission privileged mechanism is required to increase the security of apps. According to a recent study, a malicious Android application is developed almost every 10 s. To resist this serious malware campaign, we need effective malware detection approaches to identify malware applications effectively and efficiently. Most of the studies focused on detecting malware based on static and dynamic analysis of the applications. However, to analyse the risky permission at runtime is a challenging task. In this study, first, we proposed a novel approach to distinguish between malware and benign applications based on permission ranking, similarity-based permission feature selection, and association rule for permission mining. Secondly, the proposed methodology also includes the enhancement of the random forest algorithm to improve the accuracy for malware detection. The experimental outcomes demonstrate high proficiency of the accuracy for malware detection, which is pivotal for android apps aiming for secure data exchange between IoT devices.

Android Application Security

Android is a free, open source platform that allows any developer to submit apps to the Android Market with no restrictions. This enables hackers to pass their malicious apps to the Android Market as legitimate apps. The central issue lies at the heart of the Android permission mechanism, which is not capable of blocking malicious apps from accessing sensitive phone resources (e.g., contact info and browsing history); it either allows or disallows apps from accessing the resources requested by the app at the installation time. This chapter investigated the scope of this issue and concluded that hackers use malicious apps as attack vectors to compromise Android smartphones and steal confidential data and that no security solutions exist to combat malicious apps. The researcher suggested designing a real time monitoring application to detect and deter malicious apps from compromising users' sensitive data; such application is necessary for Android users to protect their privacy and prevent financial loss.