Exploring permissions in android applications using ensemble-based extra tree feature selection

Howida Abuabker Alkaaf, Aida Ali, Siti Mariyam Shamsuddin, Shafaatunnur Hassan

Abstract


The rapid development of mobile apps and their use has increased the risk of user privacy being exploited. One mechanism in the Android security model is permission control, which restricts apps' access to core device facilities. However, permissions can be exploited by attackers when certain combinations of permissions are granted. The aim of this paper is therefore to explore the patterns of malware apps by analyzing permissions, proposing a framework that combines feature selection based on an ensemble extra tree classifier with machine learning classifiers. The dataset used had 25458 samples (8643 malware apps and 16815 benign apps) with 173 features. Applying the proposed feature selection method generated three datasets of 25458 samples with 5, 10 and 20 features respectively. All of the datasets were fed to machine learning classifiers: Support Vector Machine (SVM), K Neighbors Classifier, Decision Tree, Naïve Bayes and Multilayer Perceptron (MLP). The classifier models were evaluated using true negative rate (TNR), false positive rate (FNR) and accuracy metrics. The experimental results showed that the Support Vector Machine and KNeighbors classifiers with 20 features achieved the highest accuracy, 94 %, and a TNR of 89 % was obtained using the KNeighbors Classifier. The FNR dropped to 0.001 using 5 features with the Support Vector Machine (SVM) and Multilayer Perceptron (MLP) classifiers. The results indicate that reducing permission features improved classification performance and reduced computational overhead.

Keywords


Permission-based analysis; Feature selection; Machine Learning; Malware Android classification
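The pipeline the abstract describes (rank permission features with an extra-trees ensemble, keep the top k, train a classifier, report accuracy, TNR and FNR) can be sketched as follows. This is an added example, not the authors' code: it uses scikit-learn on a small constructed dataset, the permission columns and signal probabilities are assumptions, and FNR is computed here as the false negative rate.

```python
import numpy as np
from sklearn.ensemble import ExtraTreesClassifier
from sklearn.metrics import confusion_matrix
from sklearn.model_selection import train_test_split
from sklearn.svm import SVC

# Constructed feature names; only the first three are made informative below.
PERMS = ["SEND_SMS", "READ_CONTACTS", "RECEIVE_BOOT_COMPLETED", "INTERNET",
         "CAMERA", "VIBRATE", "WAKE_LOCK", "ACCESS_WIFI_STATE",
         "BLUETOOTH", "SET_WALLPAPER", "NFC", "FLASHLIGHT"]
# Assumed (P(requested | malware), P(requested | benign)) for the first three columns.
SIGNAL = [(0.85, 0.10), (0.80, 0.20), (0.75, 0.20)]

def make_dataset(n=1200, seed=0):
    """Constructed data: one 0/1 column per permission, label 1 = malware."""
    rng = np.random.default_rng(seed)
    y = (rng.random(n) < 0.34).astype(int)               # about one third malware
    X = (rng.random((n, len(PERMS))) < 0.4).astype(int)  # label-independent noise
    for j, (p_mal, p_ben) in enumerate(SIGNAL):
        X[:, j] = rng.random(n) < np.where(y == 1, p_mal, p_ben)
    return X, y

def rank_permissions(X, y, seed=0):
    """Column indices sorted by mean impurity-based importance over the ensemble."""
    forest = ExtraTreesClassifier(n_estimators=200, random_state=seed).fit(X, y)
    return [int(i) for i in np.argsort(forest.feature_importances_)[::-1]]

def run(k, seed=0):
    """Select the top-k permissions on the training split, then score an SVM."""
    X, y = make_dataset(seed=seed)
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.3, stratify=y, random_state=seed)
    top = rank_permissions(X_tr, y_tr, seed)[:k]  # ranked on training rows only
    pred = SVC().fit(X_tr[:, top], y_tr).predict(X_te[:, top])
    tn, fp, fn, tp = confusion_matrix(y_te, pred, labels=[0, 1]).ravel()
    metrics = {"accuracy": (tp + tn) / len(y_te),
               "TNR": tn / (tn + fp),   # benign apps correctly cleared
               "FNR": fn / (fn + tp)}   # malware apps missed
    return [PERMS[i] for i in top], metrics

if __name__ == "__main__":
    for k in (3, len(PERMS)):
        names, metrics = run(k)
        print(k, names[:3], {m: round(float(v), 3) for m, v in metrics.items()})
```

Ranking on the training split only keeps test labels from influencing which permissions are selected, so the reported rates are not inflated by the selection step.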





DOI: http://doi.org/10.11591/ijeecs.v19.i1.pp%25p


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
