Characterizing Android apps’ behavior for effective detection of malapps at large scale

Future Generation Computer Systems

Volumn 75, Issue , 2017, Pages 30-45

  Wang, Xing ^a   Wang, Wei ^a   He, Yongzhong ^a   Liu, Jiqiang ^a   Han, Zhen ^a   Zhang, Xiangliang ^b  

^a BEIJING JIAOTONG UNIVERSITY   (China)

^b KING ABDULLAH UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Saudi Arabia)

Author keywords

Android; Feature comparison; Malicious apps detection

Indexed keywords

CLASSIFICATION (OF INFORMATION); COMMERCE; DECISION TREES; FEATURE EXTRACTION; REGRESSION ANALYSIS;

ANDROID; CLASSIFICATION PERFORMANCE; FALSE POSITIVE RATES; FEATURE COMPARISON; LOGISTIC REGRESSION CLASSIFIER; LOGISTIC REGRESSIONS; PERSISTENT FEATURE; TRUE POSITIVE RATES;

ANDROID (OPERATING SYSTEM);

EID: 85019842481     PISSN: 0167739X     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.future.2017.04.041     Document Type: Article

References (65)

1. Smartphone OS Market Share, Q2 2016. URL http://www.idc.com/prodserv/smartphone-os-market-share.jsp.
2. Android Apps on Google Play. URL https://play.google.com/store?hl=en.
3. Number of available Android applications - AppBrain. URL http://www.appbrain.com/stats/number-of-Android-apps.
4. Anzhi market. URL http://www.anzhi.com/.
5. Appchina market. URL http://www.appchina.com/.
6. Kaspersky, INTERPOL, Mobile Cyber Threats - Kaspersky Lab and INTERPOL Joint Report, Tech. Rep.,., 2014, Kaspersky and INTERPOL URL http://media.kaspersky.com/pdf/Kaspersky-Lab-KSN-Report-mobile-cyberthreats-web.pdf.
7. D. Barrera, H.G. Kayacik, P.C. van Oorschot, A. Somayaji, A methodology for empirical analysis of permission-based security models and its application to Android, in: CCS’10, 2010, pp. 73–84. http://dx.doi.org/10.1145/1866307.1866317.
8. A.P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, D. Wagner, Android permissions: User attention, comprehension, and behavior, in: SOUPS’12, 2012. http://dx.doi.org/10.1145/2335356.2335360.
9. Wang, W., Wang, X., Feng, D., Liu, J., Han, Z., Zhang, X., Exploring permission-induced risk in Android applications for malicious application detection. Trans. Inf. Forensics Secur. 9:11 (2014), 1869–1882, 10.1109/TIFS.2014.2353996.
10. A.P. Felt, H.J. Wang, A. Moshchuk, S. Hanna, E. Chin, Permission re-delegation: attacks and defenses, in: SEC’11.
11. L. Lu, Z. Li, Z. Wu, W. Lee, G. Jiang, CHEX: statically vetting Android apps for component hijacking vulnerabilities, in: CCS’12. http://dx.doi.org/10.1145/2382196.2382223.
12. Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C., Weiss, Y., Andromaly: A behavioral malware detection framework for Android devices. J. Intell. Inf. Syst. 38:1 (2012), 161–190, 10.1007/s10844-010-0148-x.
13. H. Peng, C. Gates, B. Sarma, N. Li, Y. Qi, R. Potharaju, C. Nita-Rotaru, I. Molloy, Using probabilistic generative models for ranking risks of Android apps, in: CCS’12. http://dx.doi.org/10.1145/2382196.2382224.
14. B.P. Sarma, N. Li, C. Gates, R. Potharaju, C. Nita-Rotaru, I. Molloy, Android permissions: a perspective combining risks and benefits, in: SACMAT’12. http://dx.doi.org/10.1145/2295136.2295141.
15. Y. Zhou, W. Zhi, Z. Wu, X. Jiang, Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets, in: NDSS’12.
16. H. Gascon, F. Yamaguchi, D. Arp, K. Rieck, Structural detection of Android malware using embedded call graphs, in: AISec’13. http://dx.doi.org/10.1145/2517312.2517315.
17. D. Arp, M. Spreitzenbarth, M. Hübner, H. Gascon, K. Rieck, Drebin: Effective and explainable detection of Android malware in your pocket, in: NDSS’14.
18. S. Chakradeo, B. Reaves, P. Traynor, W. Enck, MAST: Triage for market-scale mobile malware analysis, in: WiSec’13. http://dx.doi.org/10.1145/2462096.2462100.
19. W. Enck, P. Gilbert, B.-G. Chun, L.P. Cox, J. Jung, P. McDaniel, A.N. Sheth, TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones, in: OSDI’10.
20. S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, P. McDaniel, Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps, in: PLDI’14. http://dx.doi.org/10.1145/2594291.2594299.
21. Y. Zhou, X. Jiang, Dissecting Android malware: Characterization and evolution, in: S&P’12. http://dx.doi.org/10.1109/SP.2012.16.
22. Z. Xu, K. Bai, S. Zhu, Taplogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors, in: WiSec’13. http://dx.doi.org/10.1145/2185448.2185465.
23. Y. Michalevsky, D. Boneh, G. Nakibly, Gyrophone: Recognizing speech from gyroscope signals, in: SEC’14.
24. Aafer, Y., Du, W., Yin, H., Droidapiminer: Mining api-level features for robust malware detection in Android. Security and Privacy in Communication Networks, 2013, Springer, 86–103, 10.1007/978-3-319-04283-1_6.
25. < uses-feature >∣ Android Developers. URL http://developer.Android.com/guide/topics/manifest/uses-feature-element.html.
26. K.W.Y. Au, Y.F. Zhou, Z. Huang, D. Lie, PScout: analyzing the Android permission specification, in: CCS’12. http://dx.doi.org/10.1145/2382196.2382222.
27. Fan, R.-E., Chang, K.-W., Hsieh, C.-J., Wang, X.-R., Lin, C.-J., LIBLINEAR: A library for large linear classification. J. Mach. Learn. Res. 9 (2008), 1871–1874.
28. Quinlan, J.R., C4.5: Programs for Machine Learning. 1993, Morgan Kaufmann Publishers Inc., San Francisco, CA, USA.
29. Myapp market. URL http://Android.myapp.com/.
30. Lenovomm market. URL http://www.lenovomm.com/.
31. Gfan market. URL http://app.gfan.com/.
32. Nduoa market. URL http://nduoa.com/.
33. VirusTotal - free online virus, malware and URL scanner. URL https://www.virustotal.com/.
34. VirusShare.com URL http://virusshare.com/.
35. Chang, C.-C., Lin, C.-J., LIBSVM: A library for support vector machines. ACM Trans. Intell. Syst. Technol., 2, 2011 software available at URL http://www.csie.ntu.edu.tw/~cjlin/libsvm. http://dx.doi.org/10.1145/1961189.1961199.
36. Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., Duchesnay, E., Scikit-learn: Machine learning in Python. J. Mach. Learn. Res. 12 (2011), 2825–2830.
37. Tange, O., Gnu parallel-the command-line power tool. USENIX Mag. 36:1 (2011), 42–47.
38. D.-J. Wu, C.-H. Mao, T.-E. Wei, H.-M. Lee, K.-P. Wu, Droidmat: Android malware detection through manifest and api calls tracing, in: Asia JCIS’12. http://dx.doi.org/10.1109/AsiaJCIS.2012.18.
39. Carlotto, M.J., Effect of errors in ground truth on classification accuracy. Int. J. Remote Sens. 30:18 (2009), 4831–4849.
40. P.H. Chia, Y. Yamamoto, N. Asokan, Is this app safe?: A large scale study on application permissions and risk signals, in: WWW’12. http://dx.doi.org/10.1145/2187836.2187879.
41. R. Pandita, X. Xiao, W. Yang, W. Enck, T. Xie, WHYPER: Towards automating risk assessment of mobile applications, in: SEC’13.
42. A. Gorla, I. Tavecchia, F. Gross, A. Zeller, Checking app behavior against app descriptions, in: ICSE’14. http://dx.doi.org/10.1145/2568225.2568276.
43. M. Frank, B. Dong, A.P. Felt, D. Song, Mining permission request patterns from Android and facebook applications, in: ICDM’12. http://dx.doi.org/10.1109/ICDM.2012.86.
44. N. Peiravian, X. Zhu, Machine learning for Android malware detection using permission and API calls, in: ICTAI’13. http://dx.doi.org/10.1109/ICTAI.2013.53.
45. S. Rosen, Z. Qian, Z.M. Mao, AppProfiler: A flexible method of exposing privacy-related behavior in Android applications to end users, in: CODASPY’13. http://dx.doi.org/10.1145/2435349.2435380.
46. G. Canfora, A.D. Lorenzo, E. Medvet, F. Mercaldo, C.A. Visaggio, Effectiveness of opcode ngrams for detection of multi family Android malware, in: Availability, Reliability and Security (ARES), 2015 10th International Conference on, 2015, pp. 333–340. http://dx.doi.org/10.1109/ARES.2015.57.
47. Suarez-Tangil, G., Tapiador, J.E., Peris-Lopez, P., Blasco, J., Dendroid: A text mining approach to analyzing and classifying code structures in Android malware families. Expert Syst. Appl. 41:4 (2014), 1104–1117.
48. Dini, G., Martinelli, F., Saracino, A., Sgandurra, D., Madam: A multi-level anomaly detector for Android malware. MMM-ACNS, Vol. 12, 2012, Springer, 240–253, 10.1007/978-3-642-33704-8_21.
49. I. Burguera, U. Zurutuza, S. Nadjm-Tehrani, Crowdroid: behavior-based malware detection system for Android, in: SPSM’11. http://dx.doi.org/10.1145/2046614.2046619.
50. S. Dai, A. Tongaonkar, X. Wang, A. Nucci, D. Song, Networkprofiler: Towards automatic fingerprinting of Android apps, in: INFOCOM’13. http://dx.doi.org/10.1109/INFCOM.2013.6566868.
51. K. Tam, S.J. Khan, A. Fattori, L. Cavallaro, Copperdroid: Automatic reconstruction of Android malware behaviors., in: NDSS, 2015.
52. Saracino, A., Sgandurra, D., Dini, G., Martinelli, F., Madam: Effective and efficient behavior-based Android malware detection and prevention. IEEE Trans. Dependable Secure Comput., PP(99), 2016, 10.1109/TDSC.2016.2536605 1–1.
53. W. Enck, M. Ongtang, P. McDaniel, On lightweight mobile phone application certification, in: CCS’09. http://dx.doi.org/10.1145/1653662.1653691.
54. M. Nauman, S. Khan, X. Zhang, Apex: extending Android permission model and enforcement with user-defined runtime constraints, in: AsiaCCS’10. http://dx.doi.org/10.1145/1755688.1755732.
55. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, Xmandroid: A new Android evolution to mitigate privilege escalation attacks, Technische Universität Darmstadt, Technical Report TR-2011-04.
56. Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P., Semantically rich application-centric security in Android. Secur. Commun. Netw. 5:6 (2012), 658–673, 10.1002/sec.360.
57. S. Smalley, R. Craig, Security enhanced (se) Android: Bringing flexible mac to Android, in: NDSS’13.
58. Z. Yang, M. Yang, Y. Zhang, G. Gu, P. Ning, X.S. Wang, Appintent: Analyzing sensitive data transmission in Android for privacy leakage detection, in: CCS’13. http://dx.doi.org/10.1145/2508859.2516676.
59. L. Li, A. Bartel, T.F.D.A. Bissyande, J. Klein, Y. Le Traon, S. Arzt, S. Rasthofer, E. Bodden, D. Octeau, P. McDaniel, Iccta: detecting inter-component privacy leaks in Android apps, in: ICSE’15.
60. F. Wei, S. Roy, X. Ou, et al. Amandroid: A precise and general inter-component data flow analysis framework for security vetting of Android apps, in: CCS’14. http://dx.doi.org/10.1145/2660267.2660357.
61. Liu, X., Liu, J., Wang, W., He, Y., Zhang, X., Discovering and understanding Android sensor usage behaviors with data flow analysis. World Wide Web, 2017, 1–22, 10.1007/s11280-017-0446-0.
62. X. Liu, S. Zhu, W. Wang, J. Liu, Alde: privacy risk analysis of analytics libraries in the Android ecosystem, in: 12th EAI International Conference on Security and Privacy in Communication Networks, SecureComm, 2016.
63. S. Rasthofer, S. Arzt, E. Bodden, A machine-learning approach for classifying and categorizing Android sources and sinks, in: NDSS’14.
64. D. Su, W. Wang, X. Wang, J. Liu, Anomadroid: Profiling Android applications’ behaviors for identifying unknown malapps, in: 2016 IEEE Trustcom/BigDataSE/ISPA, 2016, pp. 691–698. http://dx.doi.org/10.1109/TrustCom.2016.0127.
65. Wang, W., Li, Y., Wang, X., Liu, J., Zhang, X., Detecting Android malicious apps and categorizing benign apps with ensemble of classifiers. Future Gener. Comput. Syst., 2017, 10.1016/j.future.2017.01.019.