Performance Evaluation on Permission-Based Detection for Android Malware

Abstract

It is a straightforward idea to detect a harmful mobile application based on the permissions it requests. This study explores the possibility of detecting malicious applications in the Android operating system based on permissions. Compared with previous research, we collect a relatively large number of benign and malicious applications (124,769 and 480, respectively) and conduct experiments on the collected samples. In addition to the requested and the required permissions, we also extract several easy-to-retrieve features from application packages to help detect malicious applications. Four commonly used machine learning algorithms, AdaBoost, Naïve Bayes, Decision Tree (C4.5), and Support Vector Machine, are used to evaluate the performance. Experimental results show that a permission-based detector can detect more than 81% of malicious samples. However, given its precision, we conclude that a permission-based mechanism can be used as a quick filter to identify malicious applications. A second pass is still required to perform a complete analysis of an application reported as malicious.

Citation

Chun-Ying Huang, Yi-Ting Tsai, and Chung-Han Hsu, "Performance Evaluation on Permission-Based Detection for Android Malware," International Computer Symposium, December 2012.

Bibtex

@inproceedings{huang12:permeval,
  author    = {Chun-Ying Huang and Yi-Ting Tsai and Chung-Han Hsu},
  title     = {Performance Evaluation on Permission-Based Detection for Android Malware},
  booktitle = {Proceedings of International Computer Symposium (ICS)},
  pages     = {--},
  year      = {2012}
}

Download