Skip to main content

Advertisement

Springer Nature Link
Log in

IPAnalyzer: A novel Android malware detection system using ranked Intents and Permissions

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

Android malware has been growing in scale and complexity, spurred by the unabated uptake of smartphones worldwide. Millions of malicious Android applications have been detected in the past few years, posing severe threats like system damage, information leakage, etc. This calls for novel approaches to mitigate the growing threat of Android malware. Among various detection schemes, permission and intent-based ones have been widely proposed in the literature. However, many permissions and intents patterns are similar in normal and malware datasets. Such high similarity in both datasets’ permissions and intents patterns motivates us to rank them to find the distinguishing features. Hence, we have proposed a novel Android malware detection system named IPAnalyzer that first ranks the permissions and intents with a frequency-based Chi-square test. Then, the system applies a novel detection algorithm that combines ranked permissions and intents and involves various machine learning and deep learning classifiers. As a result, the proposed system gives the best set of permissions and intents with higher detection accuracy as an output. The experimental results highlight that our proposed approach can effectively detect Android malware with 98.49% detection accuracy, achieved with the combination of the top six permissions and top six intents. Furthermore, our experiments demonstrate that the proposed system with the Chi-square ranking is better than other statistical tests like Mutual Information and Pearson Correlation Coefficient. Moreover, the proposed model can detect Android malware with better accuracy and less number of features than various state-of-the-art techniques for Android malware detection.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
€32.70 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (France)

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Algorithm 1

Similar content being viewed by others

Data Availability

The datasets generated during and/or analysed during the current study are available from the corresponding author on reasonable request.

Notes

  1. https://kinsta.com/mobile-vs-desktop-market-share/

  2. https://www.cybertalk.org/2022/06/10/10-eye-opening-mobile-malware-statistics-to-know/

  3. https://portal.av-atlas.org/malware

  4. https://dataprot.net/statistics/malware-statistics/

  5. https://developer.android.com/studio/command-line/aapt2

  6. https://www.virustotal.com/gui/home/upload

  7. https://developer.android.com/studio/command-line/aapt2

  8. https://scikit-learn.org/stable/modules/sklearn.preprocessing.OneHotEncoder.html

  9. https://scikit-learn.org/stable/modules/generated/ sklearn.feature_selection.chi2.html

  10. https://koodous.com/

References

  1. Felt AP, Ha E , Egelman S , Haney A, Chin E, Wagner D (2012) Android permissions: user attention, comprehension, and behavior. In: Proceedings of the eighth symposium on usable privacy and security, pp 1–14

  2. Şahın DÖ, Akleylek S, Kiliç E (2022) Linregdroid: detection of android malware using multiple linear regression models-based classifiers. IEEE Access 10:14246–14259

    Article  Google Scholar 

  3. Alsoghyer S, Almomani I (2020) On the effectiveness of application permissions for android ransomware detection. In: 2020 6th conference on data science and machine learning applications (CDMA), pp 94–99. IEEE

  4. Shrivastava G, Kumar P (2019) Sensdroid: analysis for malicious activity risk of android application. Multimed Tools Appl 78(24):35713–35731

    Article  Google Scholar 

  5. Idrees F, Rajarajan M, Chen TM, Rahulamathavan Y, Naureen A (2017) Andropin: correlating android permissions and intents for malware detection. In: 2017 8th IEEE annual information technology, electronics and mobile communication conference (IEMCON), pp 394–399. IEEE

  6. Idrees F, Rajarajan M (2014) Investigating the android intents and permissions for malware detection. In: 2014 IEEE 10th international conference on wireless and mobile computing, networking and communications (WiMob), pp 354–358. IEEE

  7. Li J, Sun L, Yan Q, Li Z, Srisa-An W, Ye H (2018) Significant permission identification for machine-learning-based android malware detection. IEEE Trans Industr Inf 14(7):3216–3225

    Article  Google Scholar 

  8. Khariwal K, Singh J, Arora A (2020) Ipdroid: android malware detection using intents and permissions. In: 2020 Fourth world conference on smart trends in systems, security and sustainability (WorldS4), pp 197–202. IEEE

  9. Wang W, Wang X, Feng D, Liu J, Han Z, Zhang X (2014) Exploring permission-induced risk in android applications for malicious application detection. IEEE Trans Inf Forensics Secur 9(11):1869–1882

    Article  Google Scholar 

  10. Arora A, Peddoju SK (2017) Minimizing network traffic features for android mobile malware detection. In: Proceedings of the 18th international conference on distributed computing and networking, pp 1–10

  11. Shabtai A, Tenenboim-Chekina L, Mimran D, Rokach L, Shapira B, Elovici Y (2014) Mobile malware detection through analysis of deviations in application network behavior. Computers & Security 43:1–18

    Article  Google Scholar 

  12. Singh L, Hofmann M (2017) Dynamic behavior analysis of android applications for malware detection. In: 2017 International conference on intelligent communication and computational techniques (ICCT), pp 1–7. IEEE

  13. Feng P, Ma J, Sun C, Xu X, Ma Y (2018) A novel dynamic android malware detection system with ensemble learning. IEEE Access 6:30996–31011

    Article  Google Scholar 

  14. Sahal AA, Alam S, Soğukpinar I (2018) Mining and detection of android malware based on permissions. In: 2018 3rd International conference on computer science and engineering (UBMK), pp 264–268. IEEE

  15. Yerima SY, Sezer S, McWilliams G, Muttik I (2013) A new android malware detection approach using bayesian classification. In: 2013 IEEE 27th international conference on advanced information networking and applications (AINA), pp 121–128. IEEE

  16. Yerima SY, Sezer S, McWilliams G (2014) Analysis of bayesian classification-based approaches for android malware detection. IET Inf Secur 8(1):25–36

    Article  Google Scholar 

  17. Upadhayay M, Sharma A, Garg G, Arora A (2021) Rpndroid: android malware detection using ranked permissions and network traffic. In: 2021 Fifth World conference on smart trends in systems security and sustainability (WorldS4), pp 19–24. IEEE

  18. Rathore H, Kharat A, Manickavasakam A, Sahay SK, Sewak M (2023) Malefficient10%: a novel feature reduction approach for android malware detection. In: International conference on broadband communications, networks and systems, pp 72–92. Springer

  19. Chaudhary M, Masood A (2023) Realmalsol: real-time optimized model for android malware detection using efficient neural networks and model quantization. Neural Cmputing and Applications 35(15):11373–11388

    Article  Google Scholar 

  20. Rahima Manzil HH, Naik SM (2023) Android ransomware detection using a novel hamming distance based feature selection. J Comput Virology and Hacking Techniques 1–23

  21. Seyfari Y, Meimandi A (2023) A new approach to android malware detection using fuzzy logic-based simulated annealing and feature selection. Multimed Tools Appl 1–25

  22. Anupama M, Vinod P, Visaggio CA, Arya M, Philomina J, Raphael R, Pinhero A, Ajith K, Mathiyalagan P (2022) Detection and robustness evaluation of android malware classifiers. J Comput Virology Hacking Techniq 18(3):147–170

    Article  Google Scholar 

  23. Mahindru A, Sangal A (2022) Somdroid: android malware detection by artificial neural network trained using unsupervised learning. Evol Intel 15(1):407–437

    Article  Google Scholar 

  24. Mahindru A, Sangal A (2021) Fsdroid:-a feature selection technique to detect malware from android using machine learning techniques: Fsdroid. Multimed Tools Appl 80:13271–13323

    Article  Google Scholar 

  25. Şahin DÖ, Kural OE, Akleylek S, Kılıç E (2021) A novel permission-based android malware detection system using feature selection based on linear regression. Neural Computing and Applications, 1–16

  26. Talha KA, Alper DI, Aydin C (2015) Apk auditor: permission-based android malware detection system. Digit Investig 13:1–14

    Article  Google Scholar 

  27. Mahindru A, Singh P (2017) Dynamic permissions based android malware detection using machine learning techniques. In: Proceedings of the 10th innovations in software engineering conference, pp 202–210

  28. Doğru İA, Önder M (2020) Appperm analyzer: malware detection system based on android permissions and permission groups. Int J Software Eng Knowl Eng 30(03):427–450

    Article  Google Scholar 

  29. Shang F, Li Y, Deng X, He D (2018) Android malware detection method based on naive bayes and permission correlation algorithm. Clust Comput 21(1):955–966

    Article  Google Scholar 

  30. Tchakounté F, Wandala AD, Tiguiane Y (2019) Detection of android malware based on sequence alignment of permissions. Int J Comput (IJC) 35(1):26–36

    Google Scholar 

  31. Ju S-h, Seo H-s, Kwak J (2016) Research on android malware permission pattern using permission monitoring system. Multimed Tools Appl 75:14807–14817

    Article  Google Scholar 

  32. Ilham S, Abderrahim G, Abdelhakim BA (2018) Permission based malware detection in android devices. In: Proceedings of the 3rd International conference on smart city applications, pp 1–6

  33. Şahın DÖ, Kural OE, Akleylek S, Kiliç E (2018) New results on permission based static analysis for android malware. In: 2018 6th International symposium on digital forensic and security (ISDFS), pp 1–4. IEEE

  34. D’Angelo G, Palmieri F, Robustelli A (2022) A federated approach to android malware classification through perm-maps. Clust Comput 25(4):2487–2500

    Article  Google Scholar 

  35. Xiong P, Wang X, Niu W, Zhu T, Li G (2014) Android malware detection with contrasting permission patterns. China Communications 11(8):1–14

    Article  Google Scholar 

  36. Lu T, Hou S (2018) A two-layered malware detection model based on permission for android. In: 2018 IEEE International conference on computer and communication engineering technology (CCET), pp 239–243. IEEE

  37. Kavitha K, Salini P, Ilamathy V (2016) Exploring the malicious android applications and reducing risk using static analysis. In: 2016 International conference on electrical, electronics, and optimization techniques (ICEEOT), pp 1316–1319. IEEE

  38. Amer E (2021) Permission-based approach for android malware analysis through ensemble-based voting model. In: 2021 International mobile, intelligent, and ubiquitous computing conference (MIUCC), pp 135–139. IEEE

  39. Chakravarty S et al (2020) Feature selection and evaluation of permission-based android malware detection. In: 2020 4th International conference on trends in electronics and informatics (ICOEI)(48184), pp 795–799. IEEE

  40. Sirisha P, Anuradha T et al (2019) Detection of permission driven malware in android using deep learning techniques. In: 2019 3rd International conference on electronics, communication and aerospace technology (ICECA), pp 941–945. IEEE

  41. Wang Z, Li K, Hu Y, Fukuda A, Kong W (2019) Multilevel permission extraction in android applications for malware detection. In: 2019 International conference on computer, information and telecommunication systems (CITS), pp 1–5. IEEE

  42. Park J, Kang M, Cho S-j, Han H, Suh K (2020) Analysis of permission selection techniques in machine learning-based malicious app detection. In: 2020 IEEE Third international conference on artificial intelligence and knowledge engineering (AIKE), pp 92–99. IEEE

  43. Liang S, Du X (2014) Permission-combination-based scheme for android mobile malware detection. In: 2014 IEEE International conference on communications (ICC), pp 2301–2306. IEEE

  44. Enck W, Ongtang M, McDaniel P (2009) On lightweight mobile phone application certification. In: Proceedings of the 16th ACM conference on computer and communications security, pp 235–245

  45. Wang Y, Zheng J, Sun C, Mukkamala S (2013) Quantitative security risk assessment of android permissions and applications. In: Data and applications security and privacy XXVII: 27th Annual IFIP WG 11.3 Conference, DBSec 2013, Newark, NJ, USA, July 15-17, 2013. Proceedings 27, pp 226–241. Springer

  46. Peng H, Gates C, Sarma B, Li N, Qi Y, Potharaju R, Nita-Rotaru C, Molloy I (2012) Using probabilistic generative models for ranking risks of android apps. In: Proceedings of the 2012 ACM conference on computer and communications security, pp 241–252

  47. Pandita R, Xiao X, Yang W, Enck W, Xie T (2013) \(\{\)WHYPER\(\}\): towards automating risk assessment of mobile applications. In: 22nd USENIX security symposium (USENIX Security 13), pp 527–542

  48. Samra AAA, Yim K, Ghanem OA (2013) Analysis of clustering technique in android malware detection. In: 2013 seventh international conference on innovative mobile and internet services in ubiquitous computing, pp 729–733. IEEE

  49. Zarni Aung WZ (2013) Permission-based android malware detection. Int J Sci Technol Res 2(3):228–234

    Google Scholar 

  50. Sanz B, Santos I, Laorden C, Ugarte-Pedrero X, Bringas PG, Álvarez G (2013) Puma: permission usage to detect malware in android. In: International joint conference e CISIS’12-ICEUTE 12-SOCO 12 special sessions, pp 289–298. Springer

  51. Moonsamy V, Rong J, Liu S (2014) Mining permission patterns for contrasting clean and malicious android applications. Futur Gener Comput Syst 36:122–132

    Article  Google Scholar 

  52. Backes M, Gerling S, Hammer C, Maffei M, Styp-Rekowsky P (2013) Appguard–enforcing user requirements on android apps. In: Tools and algorithms for the construction and analysis of systems: 19th international conference, TACAS 2013, held as part of the european joint conferences on theory and practice of software, ETAPS 2013, Rome, Italy, March 16-24, 2013. Proceedings 19, pp 543–548. Springer

  53. Wu D-J, Mao C-H, Wei T-E, Lee H-M, Wu K-P (2012) Droidmat: android malware detection through manifest and api calls tracing. In: 2012 seventh asia joint conference on information security, pp 62–69. IEEE

  54. Kato H, Sasaki T, Sasase I (2021) Android malware detection based on composition ratio of permission pairs. IEEE Access 9:130006–130019

    Article  Google Scholar 

  55. Arora A, Peddoju SK, Conti M (2019) Permpair: android malware detection using permission pairs. IEEE Trans Inf Forensics Secur 15:1968–1982

    Article  Google Scholar 

  56. Saleem MS, Mišić J, Mišić VB (2020) Examining permission patterns in android apps using kernel density estimation. In: 2020 international conference on computing, networking and communications (ICNC), pp 719–724. IEEE

  57. Zhu H-j, Gu W, Wang L-m, Xu Z-c, Sheng VS (2023) Android malware detection based on multi-head squeeze-and-excitation residual network. Expert Syst Appl 212:118705

    Article  Google Scholar 

  58. Rathore H, Nandanwar A, Sahay SK, Sewak M (2023) Adversarial superiority in android malware detection: lessons from reinforcement learning based evasion attacks and defenses. Forensic Sci Int: Digital Investigation 44:301511

    Google Scholar 

  59. Keyvanpour MR, Barani Shirzad M, Heydarian F (2023) Android malware detection applying feature selection techniques and machine learning. Multimed Tools Appl 82(6):9517–9531

    Article  Google Scholar 

  60. Ravi V, Chaganti R (2023) Efficientnet deep learning meta-classifier approach for image-based android malware detection. Multimed Tools Appl 82(16):24891–24917

    Article  Google Scholar 

  61. Kaithal PK, Sharma V (2023) A novel efficient optimized machine learning approach to detect malware activities in android applications. Multimed Tools Appl 1–18

  62. Lee S-A, Yoon A-R, Lee J-W, Lee K (2022) An android malware detection system using a knowledge-based permission counting method. JOIV: Int J Inform Vis 6(1):138–144

    Article  Google Scholar 

  63. Wu Y, Li M, Zeng Q, Yang T, Wang J, Fang Z, Cheng L (2023) Droidrl: feature selection for android malware detection with reinforcement learning. Computers & Security 128:103126

    Article  Google Scholar 

  64. İbrahim M, Issa B, Jasser MB (2022) A method for automatic android malware detection based on static analysis and deep learning. IEEE Access 10:117334–117352

    Article  Google Scholar 

  65. Kabakus AT (2022) Droidmalwaredetector: a novel android malware detection framework based on convolutional neural network. Expert Syst Appl 206:117833

    Article  Google Scholar 

  66. Wang H, Zhang W, He H (2022) You are what the permissions told me! android malware detection based on hybrid tactics. J Inform Sec Appl 66:103159

    Google Scholar 

  67. Yuan W, Jiang Y, Li H, Cai M (2019) A lightweight on-device detection method for android malware. IEEE Trans Sys Man Cybernetics: Syst 51(9):5600–5611

    Article  Google Scholar 

  68. ython W (2021) Python. Python releases for windows 24

  69. Allix K, Bissyandé TF, Klein J, Le Traon Y (2016) Androzoo: collecting millions of android apps for the research community. In: Proceedings of the 13th international conference on mining software repositories, pp 468–471

  70. Franke TM, Ho T, Christie CA (2012) The chi-square test: often used and more often misinterpreted. Am J Eval 33(3):448–458

    Article  Google Scholar 

  71. Witten IH, Frank E (2002) Data mining: practical machine learning tools and techniques with java implementations. ACM SIGMOD Rec 31(1):76–77

    Article  Google Scholar 

  72. Fushiki T (2011) Estimation of prediction error by using k-fold cross-validation. Stat Comput 21:137–146

    Article  MathSciNet  Google Scholar 

Download references

Author information

Author notes

  1. Anshul Arora contributed equally to this work.

Authors and Affiliations

  1. Department of Applied Mathematics, Delhi Technological University, Delhi, -110042, India

    Yash Sharma & Anshul Arora

Authors
  1. Yash Sharma
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Anshul Arora
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

There are equal contributions in this research from all the authors of this article.

Corresponding authors

Correspondence to Yash Sharma or Anshul Arora.

Ethics declarations

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Conflict of interest

The authors declare that they have no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Sharma, Y., Arora, A. IPAnalyzer: A novel Android malware detection system using ranked Intents and Permissions. Multimed Tools Appl 83, 78957–79008 (2024). https://doi.org/10.1007/s11042-024-18511-6

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-024-18511-6

Keywords

Search

Navigation