Title: Android malware detection based on permission combinations

Authors: Zenghui Liu; Yingxu Lai; Yinong Chen

Addresses: Automation Engineering Institute, Beijing Polytechnic, Beijing 100176, China; College of Computer Science, Beijing University of Technology, Beijing 100124, China; School of Computing, Informatics, and Decision Systems Engineering, Arizona State University, Tempe 85287, USA

Abstract: Considering the resource limitations of mobile terminals, such as memory capacity and battery power, a complex malicious detection system will take a large portion of resources if it is implemented in mobile terminals. We propose that the training part be implemented on the backend server and the detecting part be implemented on the mobile terminals. In addition, we apply permission information to the applications installed on the terminals, because the permission mechanism controls the applications' access to sensitive information. In our method, we first employ the Apriori algorithm to define the permission combinations as the initial features and calculate the threat level of each permission based on the relative deviation distances. The distances are then used as weights in the classification algorithm. In the process, we apply an integrated feature selection approach based on the principle of self-learning to extract important features to form the feature set. Finally, the minimum risk Bayes algorithm is introduced to classify unknown applications. The experimental results show that our method is effective on imbalanced datasets.

Keywords: Android malware; imbalanced datasets; integrated learning; permission-based mechanisms; malware detection; permission combinations; mobile terminals; memory capacity; battery power; threat levels; feature selection; self-learning; feature extraction; minimum risk Bayes algorithm.

DOI: 10.1504/IJSPM.2015.072522

International Journal of Simulation and Process Modelling, 2015 Vol.10 No.4, pp.315 - 326

Received: 03 Mar 2014
Accepted: 27 Jan 2015

Published online: 16 Oct 2015
