Android resource usage risk assessment using hidden Markov model and online learning

Abstract

With Android devices users are allowed to install third-party applications from various open markets. This raises security and privacy concerns since the third-party applications may be malicious. Unfortunately, the increasing sophistication and diversity of the malicious Android applications render the conventional defenses techniques ineffective, which results in a large number of malicious applications to remain undetected. In this paper we present XDroid, an Android application and resource risk assessment framework based on the Hidden Markov Model (HMM). In our approach, we first map the applications' behaviors into an observation set, and we attach timestamps to some observations in the set. We show that our novel use of temporal behavior tracking can significantly improve the malware detection accuracy, and that the HMM can generate security alerts when suspicious behaviors are detected. Furthermore, we introduce an online learning model to integrate the input from users and provide adaptive risk assessment. We evaluate our model through a set of experiments on the DREBIN benchmark malware dataset. Our evaluation results demonstrate that the proposed model can accurately assess the risk levels of malicious applications and provide adaptive risk assessment based on user input.