Article Preview
TopIntroduction
Smartphone now days offers more functionality then just a device to communicate like online shopping, fund transfer, health monitoring system, documents editor and manager, photo editor etc. Being an open source operating system, Android Operating system is the most popular operating system in the market. However, the Android applications are also found infected with virus which are downloaded either from Google play store or unofficial market. Therefore, detecting the abnormality in behavior of android malicious application becomes very important to avoid harm to end user. Anomaly based intrusion detection techniques are used for this purpose which can be further classified as static analysis, dynamic analysis and hybrid techniques. In static analysis techniques, the application’s static features like android permission requested, method called etc. are analyzed without executing it, and the application’s code is analyzed to detect malicious code. In dynamic analysis techniques, the application’s dynamic features like system call invokes, URL accessed, API used are analyzed by executing the application. However, both static features and dynamic features are analyzed to detect malicious application in hybrid analysis techniques. In this paper we consider hybrid analysis technique with machine learning algorithms to detect the malicious applications.
We mention that every critical resource is protected by the android permission, and whenever an application tries to access the critical resources, mandatory access control enforcement checks for Android Permission granted to the application for accessing that resource. The Android permission model provides four protection levels for the android permission-Normal, Dangerous, System and Signature protection level. The Normal protection level is given to those android permissions which are considered to be harmless, and the android permissions are granted automatically to the requesting application. Signature and System protection level are for the permission that are accessing android operating system resources or mobile device resource, and these permissions are also granted automatically to the application which has specific signatures. The permission with Dangerous Protection Level is very crucial as granting these permissions can harm the user. Moreover, these permissions are granted by the naïve user while installing the application, which can be a way for intruder to get control of the user’s mobile device. It is to be noticed that Android is a modified version of Linux 2.6 for the mobile devices, so the android has inherited the functional model from Linux in which System call is an interface between user and kernel. Whenever a user sends a request for any service from application interface, this request is transformed into multiple system calls to the kernel for the final execution of the service through the hardware. So the execution of every instance of the application can be traced with system calls invoked by the application. Thus, system call tracing can give the information about behavior pattern of the application during run time.
Therefore, in this research work Ranking and Risk Factor Scheme has been proposed in which the android features of 1024 android applications are ranked and risk factor of each application is calculated for malicious application classification and detection. The android features of android applications from 81 malware families are extracted and analyzed in this research work.