PAM Clustering Aided Android Malicious Apps Detection

Abstract

The exponential growth of android contrivances has attracted cybercriminals strongly and dramatically. The applications existed in the android market represented an attack surface owing to the lack of security mechanisms applied by the Google play store. Additionally, downloading apps from unofficial sources lead to a further security threat. Any mobile application requests several permissions to access users’ data to run the app. Thus, attackers exploited this feature in compromising users’ sensitive data. This motivated several researchers to investigate security mechanisms to detect Android malware based on this feature utilizing machine learning techniques, particularly classification techniques. However, This research proposes a permission-based android malware detection framework using a clustering algorithm. Further motivation for this research is that large datasets labeling is a tough mission. Therefore, Our work will contribute to android malware detection as well as android apps datasets labeling. PAM (Partitioning Around Medoid) clustering has been exploited for this purpose since its less affected by outliers or other extreme values. The most significant features have been selected as an input to the clustering algorithm to enhance its results. The results depicted that our clustering algorithm was able from grouping our dataset into two categories malevolent and genuine apps. Moreover, our result has been validated by evaluation standard F-Measure, which is counting for 0.86 for 40 attributes subset, while it is 0.88 for 30 features subset. This reveals a good performance level of permission-based android malware detection and android applications datasets labeling into malware and good ware.