PROTOTYPE Android permissions taken as initial input.
PROTOTYPE AND EXPERIMENTAL RESULTSWe built a prototype application to demonstrate proof of the concept.
The application is built using Java platform. Java Swing API is used to have intuitive user interface while the IO mechanisms are used to deal with file handling. The detection of malware is preceded by the classifier building with proposed pruning approach. FIGURE 2: Shows Android mobile app permissions As can be shown in Figure 2, there are around 135 Android permissions taken as initial input. Afterwards based on the significance in detecting malware, they are pruned further.
FIGURE 3: After completion of pruning the remaining permission are given ranking As shown in Figure 3, it is evident that every permission is given ranking. The permissions that remained after pruning process are considered to give ranking. EVALUATIONWe evaluated the proposed methodology with an empirical study. The detection accuracy of different algorithms is presented in Table 1. Algorithms Detection AccuracyLibSVM 0.6J48 0.
8ICFS 0.93Proposed 0.97TABLE 1: Detection accuracy comparisonAs can be seen in Table 1, the detection accuracy of the algorithm is compared. The proposed algorithm exhibited 0.97 accuracy in detection of malware. It is comparatively better performance when ICFS, J48 and LibSVM are considered FIGURE 4: Malware detection accuracy As presented in Figure 3, it is evident that there are many classifiers compared with the proposed one.
The LibSVM showed lest accuracy while proposed method showed highest accuracy. No. of Features Precision Recall5 91.29% 83.
90%10 90.21% 90.24%15 90.21% 91.21%20 90.47% 91.
65%25 90.64% 91.77%30 91.27% 90.
58%35 91.83% 90.05%40 96.28% 86.19%45 96.28% 85.94%50 96.
34% 85.82%55 96.35% 85.
80%135 98.81% 83.73%TABLE: Evaluation of the proposed algorithm The proposed algorithm is evaluated with measures like precision and recall.
A shown in Table 2, the precision and recall values are presented against number of features considered. FIGURE 5: Precision and recall of the proposed algorithm against number of featuresAs can be seen in Figure 4, the number of features is presented in horizontal axis. The values are taken from 5 to 135 incremental by 5 gradually. The precision and recall values showed in vertical axis are showing the performance of the proposed method. The precision and recall will have tradeoffs. It does mean that when precision is decreasing recall increase and vice versa. CONCLUSION AND FUTURE WORKAndroid malware became potential risk to smart phone applications.
The rationale behind this is the unprecedented popularity of Android platform for mobile phones. In this paper we studied different Android malware detection approaches in the literature and found the need for an approach that is cost effective besides increasing accuracy of prediction. We proposed a framework for building a classifier that takes care of malware detection.
The proposed approach is based on the permissions of Android mobile apps. We proposed an algorithm known as Permission Significance-based Pruning for Android Malware Detection (PSP-AMD) that identifies significance of permissions based on the given dataset and perform pruning and ranking in order to build a final model that can be used to detect Android malware. Experiments are made with malware dataset collected from VirusTotal. We built a prototype application to demonstrate proof of the concept. The empirical results revealed that the proposed solution is effective in detection of Android malware. In future we investigate further in the permission pruning and ranking to optimize our solution.
We also find it interested to work with other datasets to generalize our findings.