Exploring Permission-Induced Risk in Android Applications for Malicious Application Detection

Handle URI:
http://hdl.handle.net/10754/556652
Title:
Exploring Permission-Induced Risk in Android Applications for Malicious Application Detection
Authors:
Wang, Wei; Wang, Xing; Feng, Dawei; Liu, Jiqiang; Han, Zhen; Zhang, Xiangliang (0000-0002-3574-5665)
Abstract:
Android has been a major target of malicious applications (malapps). How to detect and keep the malapps out of the app markets is an ongoing challenge. One of the central design points of Android security mechanism is permission control that restricts the access of apps to core facilities of devices. However, it imparts a significant responsibility to the app developers with regard to accurately specifying the requested permissions and to the users with regard to fully understanding the risk of granting certain combinations of permissions. Android permissions requested by an app depict the app's behavioral patterns. In order to help understanding Android permissions, in this paper, we explore the permission-induced risk in Android apps on three levels in a systematic manner. First, we thoroughly analyze the risk of an individual permission and the risk of a group of collaborative permissions. We employ three feature ranking methods, namely, mutual information, correlation coefficient, and T-test to rank Android individual permissions with respect to their risk. We then use sequential forward selection as well as principal component analysis to identify risky permission subsets. Second, we evaluate the usefulness of risky permissions for malapp detection with support vector machine, decision trees, as well as random forest. Third, we in depth analyze the detection results and discuss the feasibility as well as the limitations of malapp detection based on permission requests. We evaluate our methods on a very large official app set consisting of 310 926 benign apps and 4868 real-world malapps and on a third-party app sets. The empirical results show that our malapp detectors built on risky permissions give satisfied performance (a detection rate as 94.62% with a false positive rate as 0.6%), catch the malapps' essential patterns on violating permission access regulations, and are universally applicable to unknown malapps (detection rate as 74.03%).
KAUST Department:
Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division
Citation:
Exploring Permission-Induced Risk in Android Applications for Malicious Application Detection 2014, 9 (11):1869 IEEE Transactions on Information Forensics and Security
Journal:
IEEE Transactions on Information Forensics and Security
Issue Date:
7-Oct-2014
DOI:
10.1109/TIFS.2014.2353996
Type:
Article
ISSN:
1556-6013; 1556-6021
Additional Links:
http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=6891250
Appears in Collections:
Articles; Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division

Full metadata record

DC Field | Value | Language
dc.contributor.author | Wang, Wei | en
dc.contributor.author | Wang, Xing | en
dc.contributor.author | Feng, Dawei | en
dc.contributor.author | Liu, Jiqiang | en
dc.contributor.author | Han, Zhen | en
dc.contributor.author | Zhang, Xiangliang | en
dc.date.accessioned | 2015-06-10T11:44:15Z | en
dc.date.available | 2015-06-10T11:44:15Z | en
dc.date.issued | 2014-10-07 | en
dc.identifier.citation | Exploring Permission-Induced Risk in Android Applications for Malicious Application Detection 2014, 9 (11):1869 IEEE Transactions on Information Forensics and Security | en
dc.identifier.issn | 1556-6013 | en
dc.identifier.issn | 1556-6021 | en
dc.identifier.doi | 10.1109/TIFS.2014.2353996 | en
dc.identifier.uri | http://hdl.handle.net/10754/556652 | en
dc.relation.url | http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=6891250 | en
dc.rights | (c) 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. | en
dc.subject | permission usage analysis | en
dc.subject | malware detection | en
dc.subject | intrusion detection | en
dc.subject | Android system | en
dc.subject | Android security | en
dc.title | Exploring Permission-Induced Risk in Android Applications for Malicious Application Detection | en
dc.type | Article | en
dc.contributor.department | Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division | en
dc.identifier.journal | IEEE Transactions on Information Forensics and Security | en
dc.eprint.version | Post-print | en
dc.contributor.institution | School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China | en
dc.contributor.institution | National University of Defense Technology, Changsha 410073, China | en
kaust.author | Zhang, Xiangliang | en