Presenting A Method Based on Nearest Neighbors and Hamming Distance in Order to Identify Malicious Applications

Document Type : Original Article

Author

Associate Professor, Faculty of Computer and Information Technology, Shahid Sattari Aviation University, Tehran, Iran

Abstract

Nowadays, Android-based devices such as smartphones, tablets, and, more recently, virtual reality headsets are increasingly used in our daily lives. As software for these devices develops, intruders release new malicious applications that use more sophisticated methods and are therefore more difficult to identify and deal with. Although methods have been proposed to calculate security risk and identify malicious apps, the growing level and depth of these threats mean that new methods are still needed in this field. In this study, we present a new algorithm for calculating the security risk of Android apps, which can be used to distinguish malicious apps from benign ones. To estimate the security risk of an input app, the algorithm uses Hamming distance to determine, separately, the app's nearest neighbors among malicious apps and its nearest neighbors among normal apps. Then, based on the criteria presented in this article, the security risk of an unknown input app is computed. After implementing the algorithm and tuning the number-of-neighbors parameter on real data, extensive experiments were conducted to evaluate the proposed method. In these experiments, the proposed method was compared with three previously known methods for detecting malicious apps, using four different datasets. The results show that the proposed method achieves a higher detection rate in most cases.
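
The class-wise neighbor search described in the abstract, as an added illustration that is not the article's code. The abstract states neither the feature set nor the risk criterion, so the permission bit vectors, the distance-ratio score, the threshold and all sample data below are assumptions constructed for this example.

```python
def hamming(a, b):
    """Number of positions at which two equal-length bit vectors differ."""
    if len(a) != len(b):
        raise ValueError("feature vectors must have the same length")
    return sum(x != y for x, y in zip(a, b))

def k_nearest(query, pool, k):
    """Sorted Hamming distances from query to its k closest vectors in pool."""
    if not 1 <= k <= len(pool):
        raise ValueError("k must be between 1 and the pool size")
    return sorted(hamming(query, v) for v in pool)[:k]

def risk_score(query, malicious, benign, k=2):
    """ASSUMED criterion (not the paper's): share of the total mean neighbor
    distance that lies on the benign side. Near 1.0 the app sits among known
    malware, near 0.0 among known benign apps; 0.5 means equidistant.
    """
    d_mal = sum(k_nearest(query, malicious, k)) / k
    d_ben = sum(k_nearest(query, benign, k)) / k
    if d_mal + d_ben == 0:  # exact matches in both classes: no evidence
        return 0.5
    return d_ben / (d_mal + d_ben)

# Constructed sample data. Each bit marks a requested permission (assumed
# feature set). Columns: INTERNET, SEND_SMS, READ_CONTACTS,
# RECEIVE_BOOT_COMPLETED, CAMERA, READ_SMS
MALICIOUS = [
    (1, 1, 1, 1, 0, 1),
    (1, 1, 0, 1, 0, 1),
    (1, 1, 1, 0, 0, 1),
]
BENIGN = [
    (1, 0, 0, 0, 1, 0),
    (1, 0, 0, 0, 0, 0),
    (0, 0, 0, 0, 1, 0),
]

def classify(query, threshold=0.5, k=2):
    """Label an app by comparing its risk score with an assumed threshold."""
    score = risk_score(query, MALICIOUS, BENIGN, k)
    return "malicious" if score > threshold else "benign"

if __name__ == "__main__":
    for app in [(1, 1, 1, 1, 0, 0), (1, 0, 0, 0, 1, 1)]:
        print(app, round(risk_score(app, MALICIOUS, BENIGN), 3), classify(app))
```

Searching each class separately keeps the score meaningful when the labelled sets are very different in size, since a single mixed neighbor list would be dominated by the larger class.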

Keywords



Volume 11, Issue 2 - Serial Number 42
No. 42, Summer
July 2023
Pages 81-90
  • Receive Date: 09 September 2022
  • Revise Date: 13 January 2023
  • Accept Date: 17 May 2023
  • Publish Date: 22 June 2023