Article: Identifying malicious Android apps using permissions and system events Journal: International Journal of Embedded Systems (IJES) 2016 Vol.8 No.1 pp.46 - 58 Abstract: With the popularity of the Android platform, more and more hackers take the Android platform as the profitable target. Android provides a risk communication defence mechanism against malicious applications, which has been demonstrated to be ineffective. It is common to quickly identify malicious applications by permission-based analysis methods. Recently, those permission-based methods are becoming useless when more and more applications request dangerous permissions. The proposed approaches are based on the key insight that the difference in the components trigger model in malware applications and benign applications. The malwares are interested in monitoring system broadcast to activate malicious components and request more permissions. The benign applications are preferable to receive self-define broadcast to activate their components and ask fewer permissions. Existing permission-based Android malware check methods can identify nearly 81% malware samples, but they also identify many normal applications as malware. In this paper, we extend the permission-based approach and employ machine learning approaches to identify the malicious applications. We use the datasets of the Market 2011, Market 2012, Market 2013 and Malware to evaluate the proposed methods. The experimental results illustrate the effectiveness of our proposal. Inderscience Publishers - linking academia, business and industry through research

Title: Identifying malicious Android apps using permissions and system events

Authors: Hongmu Han; Ruixuan Li; Xiwu Gu

Addresses: School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, 430074, China ' School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, 430074, China ' School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, 430074, China

Abstract: With the popularity of the Android platform, more and more hackers take the Android platform as the profitable target. Android provides a risk communication defence mechanism against malicious applications, which has been demonstrated to be ineffective. It is common to quickly identify malicious applications by permission-based analysis methods. Recently, those permission-based methods are becoming useless when more and more applications request dangerous permissions. The proposed approaches are based on the key insight that the difference in the components trigger model in malware applications and benign applications. The malwares are interested in monitoring system broadcast to activate malicious components and request more permissions. The benign applications are preferable to receive self-define broadcast to activate their components and ask fewer permissions. Existing permission-based Android malware check methods can identify nearly 81% malware samples, but they also identify many normal applications as malware. In this paper, we extend the permission-based approach and employ machine learning approaches to identify the malicious applications. We use the datasets of the Market 2011, Market 2012, Market 2013 and Malware to evaluate the proposed methods. The experimental results illustrate the effectiveness of our proposal.

Keywords: malware; risk communication defence; embedded systems; malicious app identification; malicious apps; Android apps; permissions; system events; machine learning.

DOI: 10.1504/IJES.2016.073752

International Journal of Embedded Systems, 2016 Vol.8 No.1, pp.46 - 58

Received: 11 Jul 2014
Accepted: 06 Nov 2014
Published online: 17 Dec 2015 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Identifying malicious Android apps using permissions and system events

Keep up-to-date