Title | Another free app: Does it have the right intentions? |
Publication Type | Conference Paper |
Year of Publication | 2014 |
Authors | Fazeen, M, Dantu, R |
Conference Name | Privacy, Security and Trust (PST), 2014 Twelfth Annual International Conference on |
Date Published | July |
Keywords | Android app task-intention identification, Android malware apps, Androids, benign apps, clusters, Feature extraction, Humanoid robots, I-Shape, intention-shape, invasive software, learning (artificial intelligence), machine learning model, malicious attacks, Malware, Mathematical model, mobile computing, permission-requests, PMF, probability mass functions, Shape, smart phone applications, smart phones, source code (software), source code extraction, static code analysis, Unsupervised learning |
Abstract |
Security and privacy holds a great importance in mobile devices due to the escalated use of smart phone applications (app). This has made the user even more vulnerable to malicious attacks than ever before. We aim to address this problem by proposing a novel framework to identify potential Android malware apps by extracting the intention and their permission requests. First, we constructed a dataset consisting of 1,730 benign apps along with 273 malware samples. Then, both datasets were subjected to source code extraction. From there on, we followed a two phase approach to identify potential malware samples. In phase 1, we constructed a machine learning model to group benign apps into different clusters based on their operations known as the task-intention. Once we trained the model, it was used to identify the task-intention of an Android app. Further, in this phase, we only used the benign apps to construct the task-intentions and none of the malware signatures were involved. Therefore, our approach does not use machine learning models to identify malware apps. Then, for each task-intention group, we extracted the permission-requests of the apps and constructed the probability mass functions (PMF). We named the shape of this PMF as Intention-Shape or I-Shape. In phase 2, we used the permission-requests, task-intentions and I-Shapes to identify potential malware apps. We compared the permission-requests of an unknown app with its corresponding I-Shape to identify the potential malware apps. Using this approach, we obtained an accuracy of 89% in detecting potential malware samples. The novelty of our work is to perform potential malware identification without training any models with malware signatures, and utilization of I-Shapes to identify such potential malware samples. Our approach can be utilized to identify the safety of an app before it is installed as it performs static code analysis. Further, it can be utilized in pre-screening or multi-layer security sys- ems. It is also highly useful in screening malware apps when launching in Android markets. |
DOI | 10.1109/PST.2014.6890950 |