Ranking and Risk Factor Scheme for Malicious applications detection and Classifications

Kiran Khatter (School of Engineering and Technology, Ansal University, Gurgaon, India) and Sapna Malik (Maharaja Surajmal Institute of Technology, Delhi, India)
Copyright: © 2018 |Pages: 18
DOI: 10.4018/IJISMD.2018070104

Abstract

Because Android is an open source operating system, Android mobile devices are attacked by hundreds of malware every year. Moreover, malware uses many veiled techniques that make it difficult to detect. Official Android markets and the Google Play Store are also not left untouched by malware. This article presents the Ranking and Risk Factor Scheme (RRFS), a hybrid intrusion detection technique for Android devices that detects malicious Android applications. RRFS analyzes two kinds of features, the Android permissions requested and the system calls invoked, by ranking these features according to some criteria and calculating the risk factor of each application, for the detection and classification of malicious applications from 81 malware families. In the results, the Ranking and Risk Factor Scheme outperforms several related approaches, achieves detection and classification performance of 99.2% and 88.7%, respectively, and proves to be a fast, energy-efficient technique for resource-constrained mobile devices.

Introduction

Smartphones nowadays offer more functionality than just communication, such as online shopping, fund transfer, health monitoring, document editing and management, photo editing, etc. Being an open source operating system, Android is the most popular operating system in the market. However, Android applications, whether downloaded from the Google Play Store or from unofficial markets, are also found to be infected with viruses. Therefore, detecting abnormal behavior in malicious Android applications becomes very important to avoid harm to the end user. Anomaly-based intrusion detection techniques are used for this purpose; they can be further classified as static analysis, dynamic analysis and hybrid techniques. In static analysis techniques, the application's static features, such as the Android permissions requested and the methods called, are analyzed without executing the application, and the application's code is analyzed to detect malicious code. In dynamic analysis techniques, the application's dynamic features, such as the system calls invoked, URLs accessed and APIs used, are analyzed by executing the application. In hybrid analysis techniques, both static and dynamic features are analyzed to detect malicious applications. In this paper we consider a hybrid analysis technique with machine learning algorithms to detect malicious applications.

Every critical resource is protected by an Android permission, and whenever an application tries to access a critical resource, mandatory access control enforcement checks whether the application has been granted the Android permission for accessing that resource. The Android permission model provides four protection levels for Android permissions: Normal, Dangerous, System and Signature. The Normal protection level is given to those Android permissions which are considered to be harmless, and these permissions are granted automatically to the requesting application. The Signature and System protection levels are for permissions that access Android operating system resources or mobile device resources, and these permissions are also granted automatically to applications which have specific signatures. Permissions with the Dangerous protection level are very crucial, as granting them can harm the user. Moreover, these permissions are granted by the naïve user while installing the application, which can be a way for an intruder to get control of the user's mobile device. Note that Android is a modified version of Linux 2.6 for mobile devices, so Android has inherited the functional model from Linux, in which the system call is an interface between user and kernel. Whenever a user requests a service from the application interface, the request is transformed into multiple system calls to the kernel for the final execution of the service through the hardware. The execution of every instance of the application can therefore be traced through the system calls it invokes. Thus, system call tracing can give information about the behavior pattern of the application at run time.

Therefore, this research work proposes the Ranking and Risk Factor Scheme, in which the Android features of 1024 Android applications are ranked and the risk factor of each application is calculated for malicious application classification and detection. The Android features of Android applications from 81 malware families are extracted and analyzed in this research work.
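The following added example (not code from the article or its authors) illustrates only the hybrid feature-extraction step described above: requested permissions grouped by protection level as the static view, and system call frequencies from a trace as the dynamic view. It assumes a manifest already decoded to text XML and a trace in `strace -f` format; the permission subset, sample inputs and function names are constructed for illustration, and the article's ranking criteria and risk factor calculation are not reproduced because this preview does not describe them.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Illustrative subset of platform permissions and their protection levels.
PROTECTION_LEVEL = {
    "android.permission.INTERNET": "normal",
    "android.permission.ACCESS_NETWORK_STATE": "normal",
    "android.permission.READ_SMS": "dangerous",
    "android.permission.SEND_SMS": "dangerous",
    "android.permission.READ_CONTACTS": "dangerous",
    "android.permission.INSTALL_PACKAGES": "signature/system",
}
# Matches the start of a call in `strace -f` output; "resumed", signal and exit lines do not match.
CALL_START = re.compile(r"^(?:\d+\s+)?(\w+)\(")

# Constructed sample inputs (not taken from the article's data set).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="com.example.sample.CUSTOM"/>
</manifest>"""
SAMPLE_TRACE = """1234 openat(AT_FDCWD, "/data/data/com.example.sample/files/a", O_RDONLY) = 3
1234 read(3, "abc", 3) = 3
1234 read(3, "", 3) = 0
1234 ioctl(4, BINDER_WRITE_READ <unfinished ...>
1234 <... ioctl resumed> ) = 0
1234 close(3) = 0
1234 +++ exited with 0 +++"""

def permissions_by_level(manifest_xml):
    """Static feature: requested permissions grouped by protection level."""
    levels = {}
    # Manifests of untrusted apps are untrusted XML; a hardened parser is advisable in production.
    for elem in ET.fromstring(manifest_xml).iter("uses-permission"):
        name = elem.get(ANDROID_NS + "name")
        if name:
            levels.setdefault(PROTECTION_LEVEL.get(name, "unknown"), []).append(name)
    return levels

def syscall_counts(trace):
    """Dynamic feature: how often each system call was invoked."""
    hits = (CALL_START.match(line.strip()) for line in trace.splitlines())
    return Counter(m.group(1) for m in hits if m)

def hybrid_features(manifest_xml, trace):
    """Combine both views into one record per application."""
    return {"permissions": permissions_by_level(manifest_xml), "syscalls": dict(syscall_counts(trace))}

if __name__ == "__main__":
    print(hybrid_features(SAMPLE_MANIFEST, SAMPLE_TRACE))
```

Permissions that are absent from the subset, including app-defined ones, fall into the "unknown" group rather than being dropped, so they remain visible to whatever ranking step follows.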
