International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I

Research Article

Hybrid Detection Using Permission Analysis for Android Malware

  • @INPROCEEDINGS{10.1007/978-3-319-23829-6_40,
        author={Haofeng Jiao and Xiaohong Li and Lei Zhang and Guangquan Xu and Zhiyong Feng},
        title={Hybrid Detection Using Permission Analysis for Android Malware},
        proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I},
        proceedings_a={SECURECOMM},
        year={2015},
        month={11},
        keywords={Android, Hybrid detection, Euclidean distance, Cosine similarity},
        doi={10.1007/978-3-319-23829-6_40}
    }
    
  • Haofeng Jiao
    Xiaohong Li
    Lei Zhang
    Guangquan Xu
    Zhiyong Feng
    Year: 2015
    Hybrid Detection Using Permission Analysis for Android Malware
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-23829-6_40
Haofeng Jiao*, Xiaohong Li*, Lei Zhang*, Guangquan Xu*, Zhiyong Feng*
    *Contact email: hfjiao@tju.edu.cn, xiaohongli@tju.edu.cn, lzhang@tju.edu.cn, losin@tju.edu.cn, zyfeng@tju.edu.cn

    Abstract

    The growth of malicious applications poses a great threat to the Android platform. To detect Android malware, this paper proposes a hybrid detection method based on permissions. First, applications are screened according to their permissions so that benign and malicious applications can be discriminated. Second, suspicious applications are run in order to collect the function calls related to sensitive permissions. The suspicious applications are then represented in a vector space model, and their feature vectors are calculated with the TF-IDF algorithm. Finally, the detection of suspicious applications is completed via security detection techniques adopting Euclidean distance and cosine similarity. At the end of the paper, an experiment including 982 samples is used as an empirical validation. The result shows that our method has a true positive rate of 91.2% and a false positive rate of 2.1%.
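
A sketch of the last two stages the abstract describes (TF-IDF vectors over sensitive API calls, then Euclidean distance and cosine similarity against labelled references), added here as an illustration and not the authors' code. The call traces, the smoothed IDF formula and the rule that both metrics must agree are assumptions; the abstract does not specify them.

```python
import math
from collections import Counter

# Constructed reference traces of sensitive API calls (not data from the paper).
REFERENCE = [
    ("benign", ["getLastKnownLocation", "openConnection", "getLastKnownLocation"]),
    ("benign", ["openConnection", "query", "openConnection"]),
    ("malicious", ["sendTextMessage", "getDeviceId", "sendTextMessage", "openConnection"]),
    ("malicious", ["getDeviceId", "sendTextMessage", "query", "getDeviceId"]),
]

def fit_idf(traces):
    """Smoothed inverse document frequency per API call (assumed formula)."""
    n = len(traces)
    df = Counter(call for trace in traces for call in set(trace))
    return {call: math.log((1 + n) / (1 + d)) + 1 for call, d in df.items()}

def tfidf(trace, idf):
    """TF-IDF vector as {call: weight}; calls outside the reference vocabulary are dropped."""
    counts = Counter(c for c in trace if c in idf)
    total = sum(counts.values())
    return {c: (k / total) * idf[c] for c, k in counts.items()} if total else {}

def euclidean(a, b):
    return math.sqrt(sum((a.get(k, 0.0) - b.get(k, 0.0)) ** 2 for k in a.keys() | b.keys()))

def cosine(a, b):
    dot = sum(w * b.get(k, 0.0) for k, w in a.items())
    norm = math.sqrt(sum(w * w for w in a.values())) * math.sqrt(sum(w * w for w in b.values()))
    return dot / norm if norm else 0.0  # an empty vector is similar to nothing

def classify(trace, reference=REFERENCE):
    """Nearest reference label by each metric; disagreement or an empty vector gives 'review'."""
    idf = fit_idf([t for _, t in reference])
    vec = tfidf(trace, idf)
    if not vec:  # no known sensitive call observed, so neither metric is meaningful
        return {"euclidean": None, "cosine": None, "verdict": "review"}
    scored = [(label, tfidf(t, idf)) for label, t in reference]
    by_dist = min(scored, key=lambda s: euclidean(vec, s[1]))[0]
    by_cos = max(scored, key=lambda s: cosine(vec, s[1]))[0]
    return {"euclidean": by_dist, "cosine": by_cos,
            "verdict": by_dist if by_dist == by_cos else "review"}

if __name__ == "__main__":
    suspect = ["getDeviceId", "sendTextMessage", "sendTextMessage", "openConnection", "sendTextMessage"]
    print(classify(suspect))
```
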