Performance Evaluation on Permission-Based Detection for Android Malware

Chun-Ying Huang*, Yi Ting Tsai, C. H. Hsu

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review

71 Scopus citations

Abstract

It is a straightforward idea to detect a harmful mobile application based on the permissions it requests. This study attempts to explore the possibility of detecting malicious applications in Android operating system based on permissions. Compare against previous researches, we collect a relative large number of benign and malicious applications (124,769 and 480, respectively) and conduct experiments based on the collected samples. In addition to the requested and the required permissions, we also extract several easy-to-retrieve features from application packages to help the detection of malicious applications. Four commonly used machine learning algorithms including AdaBoost, Naïve Bayes, Decision Tree (C4.5), and Support Vector Machine are used to evaluate the performance. Experimental results show that a permission-based detector can detect more than 81% of malicious samples. However, due to its precision, we conclude that a permission-based mechanism can be used as a quick filter to identify malicious applications. It still requires a second pass to make complete analysis to a reported malicious application.

Original languageEnglish
Title of host publicationAdvances in Intelligent Systems and Applications - Volume 2
Subtitle of host publicationProceedings of the International Computer
EditorsChang Ruay-Shiung, Peng Sheng-Lung, Lin Chia-Chen
Pages111-120
Number of pages10
DOIs
StatePublished - 2013

Publication series

NameSmart Innovation, Systems and Technologies
Volume21
ISSN (Print)2190-3018
ISSN (Electronic)2190-3026

Keywords

  • Android
  • Classification
  • Malware
  • Mobile Security
  • Permission

Fingerprint

Dive into the research topics of 'Performance Evaluation on Permission-Based Detection for Android Malware'. Together they form a unique fingerprint.

Cite this