Malicious Application Detection and Classification System for Android Mobiles

Sapna Malik, Kiran Khatter
DOI: 10.4018/978-1-7998-2460-2.ch008

Abstract

Android mobiles constitute a large portion of the mobile market, which also attracts malware developers seeking malicious gains. Every year hundreds of malware samples are detected in the Android market. Both unofficial and official Android markets, such as the Google Play Store, are infested with fake and malicious apps, which is a warning for naive users. Guided by this insight, this paper presents a malicious application detection and classification system that uses machine learning techniques, extracting and analyzing the Android permission feature of Android applications. For feature extraction, the authors developed the AndroData tool, written in shell script, and analyzed the extracted features of 1060 Android applications with machine learning algorithms. They achieved malicious application detection and classification accuracies of 98.2% and 87.3%, respectively, with machine learning techniques.

Introduction

Smartphones are becoming immensely popular all over the world. Owing to the extensive functionality they offer, they have become a "personal remote of life" rather than just a medium of communication. Smartphones have turned into everyone's online bank, online shopping mall, and online tutor, alongside the traditional voice communication facility. The smartphone is the go-to device for various day-to-day activities such as taking pictures, watching movies, shopping, calling, chatting and many more. Mobile devices are equipped with advanced user interfaces, processing capability and adequate memory. They hold a lot of personal information, such as the contact list, online banking passwords, credit card details and the location of the owner. According to the Expedia Signal Survey (Mishra, 2014), Indians are becoming addicted to smartphones for their daily needs. These capabilities are provided to smartphones through mobile applications.

Android phones are among the most popular smartphones today. According to a survey conducted by Nielsen and Informate Mobile Intelligence, 62% of Indians prefer Android mobile phones over other smartphones (Brindaalakshmi, 2013). Users download Android applications from official markets such as the Google Play Store and also from unofficial markets. The unofficial market is full of malicious applications that lure customers into downloading them with heavy discounts on products or payback offers. Even the official market, the Google Play Store, has not been left untouched by intruders. 13 infected applications were removed from the Google Play Store in January 2016 (Acharya, 2016). In a more recent report from April 2016 (Bisson, 2016), 100 applications were found infected on the Google Play Store.

Intrusion detection and prevention systems detect intrusions in mobile devices, PCs and networks, and prevent stakeholders from being harmed by malicious apps. Intrusion into a mobile phone is possible through mobile applications. There are three types of intrusion detection techniques: signature-based, behavior-based and anomaly-based. In an anomaly-based intrusion detection system, the system detects changes in the behavior of a mobile application in comparison to the normal behavior pattern of benign applications.

Anomaly-based intrusion detection uses two types of behavior pattern analysis techniques: static analysis and dynamic analysis. In static analysis, the static features of Android applications, such as permissions requested, method calls and API call sequences, are extracted from the source code without executing the application. In dynamic analysis, the features of Android applications are extracted by executing the application.

This research paper presents an anomaly-based intrusion detection system, based on static feature analysis of Android permissions, for the detection and classification of malicious applications using machine learning techniques.

The contributions made by this work are as follows:

  • 533 benign application samples and 527 malicious Android application samples from 81 malware families have been taken for training the machine learning algorithms for malicious application detection and classification;

  • The Android Permission Requested feature of Android applications has been extracted with the proposed feature extraction tool AndroData, a tool written in shell scripting language;

  • A rigorous analysis of the Android permission request patterns of the sample Android applications has been carried out, and the dataset has been refined based on the analysis;

  • Machine learning models have been trained with the dataset, and the performance of various machine learning algorithms has been evaluated for malicious application detection and for classification of malicious applications from 81 malware families.
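
To illustrate the permission-based static feature extraction described above, the following shell script is an added example; it is not the authors' AndroData tool and not code from the chapter. It assumes the manifest has already been decoded to plain-text XML, and the function names, the five-permission vocabulary and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn requested permissions into a 0/1 feature row
# without executing the app. Not AndroData; all names are hypothetical.

# Constructed feature vocabulary (real Android permission names,
# chosen here only for illustration; a real dataset would use many more).
VOCAB="android.permission.INTERNET
android.permission.READ_CONTACTS
android.permission.READ_SMS
android.permission.SEND_SMS
android.permission.ACCESS_FINE_LOCATION"

# Constructed sample manifest (not taken from any real application).
sample_manifest() {
cat <<'EOF'
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS" />
    <uses-permission
        android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <permission android:name="com.example.flashlight.CUSTOM"/>
    <application android:label="Flashlight"/>
</manifest>
EOF
}

# Print the unique permissions *requested* by a manifest read from stdin.
# <permission> declarations are ignored; uses-permission-sdk-23 is included.
extract_permissions() {
    tr '\n' ' ' |                              # join lines so multi-line tags match
    grep -oE '<uses-permission[^>]*>' |        # one requested-permission tag per line
    sed -n 's/.*android:name="\([^"]*\)".*/\1/p' |
    sort -u                                    # duplicates count once
}

# Emit one CSV row: label, then 1/0 for each vocabulary permission in order.
feature_row() {
    label=$1
    perms=$(extract_permissions)
    row=$label
    for p in $VOCAB; do
        if printf '%s\n' "$perms" | grep -qxF "$p"; then
            row="$row,1"
        else
            row="$row,0"
        fi
    done
    printf '%s\n' "$row"
}

sample_manifest | feature_row unknown
```

Rows produced this way, one per application and labelled benign or malicious, form the kind of permission dataset a classifier can be trained on.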
