A static analysis approach for Android permission-based malware detection systems.

Juliza Mohamad Arif,Sharfah Ratibah Tuan Mat,Suryanti Awang,Nor Syahidatul Nadiah Ismail,Mohd Faizal Ab Razak,Ahmad Firdaus,A Pravin

doi:10.1371/journal.pone.0257968

Juliza Mohamad Arif, Sharfah Ratibah Tuan Mat + Show 5 more

Open Access

https://doi.org/10.1371/journal.pone.0257968

Copy DOI

Journal: PloS one	Publication Date: Sep 30, 2021
Citations: 10	License type: CC BY 4.0

Affiliation: Universiti Malaysia Pahang

Abstract

The evolution of malware is causing mobile devices to crash with increasing frequency. Therefore, adequate security evaluations that detect Android malware are crucial. Two techniques can be used in this regard: Static analysis, which meticulously examines the full codes of applications, and dynamic analysis, which monitors malware behaviour. While both perform security evaluations successfully, there is still room for improvement. The goal of this research is to examine the effectiveness of static analysis to detect Android malware by using permission-based features. This study proposes machine learning with different sets of classifiers was used to evaluate Android malware detection. The feature selection method in this study was applied to determine which features were most capable of distinguishing malware. A total of 5,000 Drebin malware samples and 5,000 Androzoo benign samples were utilised. The performances of the different sets of classifiers were then compared. The results indicated that with a TPR value of 91.6%, the Random Forest algorithm achieved the highest level of accuracy in malware detection.

Highlights

The use of mobile devices has rapidly increased throughout the world in recent decades, with most people owning mobile device
This study evaluated the effectiveness of an Android malware detection system that applied static analysis techniques with machine learning
The current study utilised a machine learning approach which was comprised of five classifiers to detect Android mobile malware

Summary

Introduction

The use of mobile devices has rapidly increased throughout the world in recent decades, with most people owning mobile device. The convenience of mobile devices enables many online activities to be performed, for instance, the online streaming of information, social networking, video viewing, and online banking. This proliferation of technology has provided opportunities for the deployment of malware codes designed to target mobile devices. Malware can be classified according to the mechanism by which it gains access to a system: worms, backdoors, trojans, rootkits, spyware, and adware [1]. The McAfee Report [2] noted that malware such as backdoors, crypto mining, fake applications, and banking trojans increased substantially in the latter half of 2019. The McAfee report indicated that the incidence of malware attacks is increasing every year, with over 30 million mobile malware attacks detected in 2018

Methods

Findings

Discussion

Conclusion