Authors: Hongmu Han; Ruixuan Li; Xiwu Gu
Addresses: School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, 430074, China ' School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, 430074, China ' School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, 430074, China
Abstract: With the popularity of the Android platform, more and more hackers take the Android platform as the profitable target. Android provides a risk communication defence mechanism against malicious applications, which has been demonstrated to be ineffective. It is common to quickly identify malicious applications by permission-based analysis methods. Recently, those permission-based methods are becoming useless when more and more applications request dangerous permissions. The proposed approaches are based on the key insight that the difference in the components trigger model in malware applications and benign applications. The malwares are interested in monitoring system broadcast to activate malicious components and request more permissions. The benign applications are preferable to receive self-define broadcast to activate their components and ask fewer permissions. Existing permission-based Android malware check methods can identify nearly 81% malware samples, but they also identify many normal applications as malware. In this paper, we extend the permission-based approach and employ machine learning approaches to identify the malicious applications. We use the datasets of the Market 2011, Market 2012, Market 2013 and Malware to evaluate the proposed methods. The experimental results illustrate the effectiveness of our proposal.
Keywords: malware; risk communication defence; embedded systems; malicious app identification; malicious apps; Android apps; permissions; system events; machine learning.
International Journal of Embedded Systems, 2016 Vol.8 No.1, pp.46 - 58
Available online: 17 Dec 2015 *Full-text access for editors Access for subscribers Purchase this article Comment on this article