A Survey of Android Malware and Their Detection Techniques on Permissions

Introduction

Today, mobile technology is widely used around the world. Since 2008, its use has grown very rapidly. Confidential and private information such as photographs, videos and bank details is routinely stored on the mobile device. Many mobiles are available with many operating systems. Android is an open source mobile operating system available on many smartphones. According to Google, 1.3 million Android devices are activated every day. According to Gartner's report, Google's Android captured a total of 82% of the market in 2016. In the last quarter of 2016, 432 million smartphones were sold, of which 352 million ran the Android operating system. Android is also more exposed to vulnerabilities and malware attacks. According to Google's Android Security Report, a total of 655 vulnerabilities were found in 2016. A total of 316 vulnerabilities were found in the Android operating system in 2017, more than in any other operating system. According to the Cisco report, 98% of malware targets the Android platform, so it is necessary to detect malware on this operating system properly. Malware threats are expected to increase as the functionality of mobile phones expands. Many harmful apps contain malware and endanger users' data and devices; they fall into malware categories such as spyware, trojans and phishing apps. Various Android malware detection techniques are available. In this paper, existing Android malware detection techniques are compared in order to design more robust and effective techniques.
Android Malware

Malware is any malicious program code that installs itself, or is installed, on a device without the user's permission and executes its functions without the user's knowledge. The main motives of malware are to steal confidential information from the smartphone, lock the smartphone, send SMS/MMS, call premium-rate numbers and share information gathered via GPS. Various research projects have been undertaken to characterize existing Android malware. The Android Malware Genome project characterized existing Android malware, and the Android Drebin project enabled a comparison of different malware detection approaches. Various Android malware sample datasets are also available. Depending on their features, Android malware can be classified into the following categories: spyware, trojans, viruses, phishing apps, bot processes and rootkits. Spyware secretly steals confidential information from the user's mobile and sends it to a third party; it gathers information such as OS version, IMEI, IMSI and device details. Trojans are installed along with an application and infect user devices by performing malicious activities; they hijack the browser and capture login details of other apps such as mobile banking. Trojans always need user interaction. A virus is malicious program code that generates multiple copies of itself; the copies attach themselves to other program files or email attachments and infect them. Phishing apps are installed on devices through internet browsing from the mobile device; phishing techniques steal user credentials and confidential data. A bot process targets mobile devices, gains full access to the device and all its information, and hands control to third parties. Mobile botnets spread by sending text messages or emails from the infected device to other devices.
Rootkits perform malicious activities on mobile devices by modifying the operating system. This malware provides full administrator privileges to the third party. Trojan horses are used to implant rootkits. According to the latest study, the table represents the list of the top 10 Android malware families with their description and capabilities.

Based on the study, Android malware detection analysis techniques are divided into three categories: static analysis, dynamic analysis and hybrid analysis. The taxonomy of existing Android malware detection techniques is also listed.

Static Analysis

The main goal of static analysis of mobile malware is to check permissions, application source code, components, resources and signatures. All information regarding the app resides in the APK file, so static analysis is performed on the APK file: permissions, resources, code, services and any other information are extracted from it and analyzed. Different tools are available for static analysis, such as apktool, aapt, dex2jar and jd-gui. The static analysis techniques are:

Signature/Pattern-Based Static Analysis

The APK file contains a specific signature, and each APK file has a different signature. The signature contains the message digest of the APK file. If the APK file is changed, the message digest in the signature also changes, so one can quickly detect that the specific application has been modified and may be malicious. Malware signatures can also be collected to quickly identify known malware.

Resource-Based Static Analysis

The AndroidManifest.xml file is a resource file that contains all the information about the resources used in the application. An application's resources include UI modules such as widgets, menus and layouts. AndroidManifest.xml is present in the APK file. Much malware running in the background requires user interaction through these user interfaces, so the user interface is also an important part to analyze properly.
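As an added example, not code from the essay or from any of the systems it surveys, the following Python script performs the extraction step described above on a decoded AndroidManifest.xml (the kind of output apktool produces): it pulls the declared permissions and components, notes receivers registered for incoming SMS, and checks the permissions against a small rule table of combinations that are out of place for the app's declared category. The manifest, the app category and the rule table are constructed for illustration.

```python
# Added example (not from the essay or any surveyed system): permission- and component-based
# static analysis over a decoded AndroidManifest.xml (e.g. apktool output); all values constructed.
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed manifest of a "photo editor" that also declares SMS access.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.photoeditor">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Photo Editor">
    <activity android:name=".MainActivity"/>
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed rule table: permission sets that are out of place for the declared
# app category (the essay's READ_SMS-in-a-photo-editor case, generalised to sets).
SUSPICIOUS_COMBINATIONS = {
    "photo_editor": [
        {"android.permission.READ_SMS"},
        {"android.permission.RECEIVE_SMS", "android.permission.INTERNET"},
    ],
}

def extract_manifest_features(manifest_xml):
    """Return declared permissions, components and SMS-listening receivers."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    components = {kind: [e.get(ANDROID_NS + "name") for e in root.iter(kind)]
                  for kind in ("activity", "service", "receiver")}
    # A receiver registered for incoming SMS is a component worth flagging too.
    sms_receivers = [r.get(ANDROID_NS + "name") for r in root.iter("receiver")
                     if any(a.get(ANDROID_NS + "name") == SMS_RECEIVED
                            for a in r.iter("action"))]
    return {"permissions": perms, "components": components,
            "sms_receivers": sms_receivers}

def flag_permission_combinations(perms, category):
    """Return every rule set for the category fully contained in the permissions."""
    return [c for c in SUSPICIOUS_COMBINATIONS.get(category, []) if c <= perms]
```

On a real APK the manifest is binary XML and must first be decoded (apktool or aapt), and the category would come from the store listing rather than being hard-coded.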
Component-Based Static Analysis

An Android application is divided into several components: content providers, services, intents, activities and broadcast receivers. The information about all these components is available in the AndroidManifest.xml file. Most malware runs as background services and obtains information about intents, activities and receivers, so analysis of these components is also very important for recognizing malicious behavior.

Permission-Based Static Analysis

Android provides a permission-based model for implementing integrated security. All permissions are declared in the AndroidManifest.xml file. The app must ask for access permissions such as contacts, messages, internet, GPS and camera. Permissions play an important role in any Android application. If a simple photo editing application asks for the READ_SMS permission, that indicates malicious behavior. Permission analysis is therefore also important for recognizing malicious behavior.

Dynamic Analysis

Dynamic analysis is the behavioral analysis of the application. Dynamic features include system calls, network traffic, network flows and network addresses. It monitors the behavior of the system. Frameworks such as Ananas, TaintDroid, DroidScope and CopperDroid are available to perform dynamic analysis.

Hybrid Analysis

Hybrid analysis is a combination of static and dynamic analysis of the application. The process begins with static analysis, which checks application code, permissions and components. Then dynamic analysis is carried out on the full runtime behavior of the application. Only a few frameworks, such as Mobile-Sandbox and Andrubis, follow the hybrid approach.

Comparative Study of Android Malware Detection Techniques

In this section, a detailed comparison is made between different Android malware detection techniques.
The following parameters are considered for comparison: input, analysis type, dataset, dataset type, dataset source, final dataset selection, detection rate, reliability of the detection rate and proposed approach.

Samaneh proposed a sensitivity characteristic analysis technique for Android malware detection. This technique divides the static features used by classification-based Android malware detection techniques into related categories and studies the influence of each feature category. Here the manifest file is taken as input and static analysis is performed. The final dataset consists of 57 malware samples from the Android Malgenome project and 57 good apps from the Google Android Market. The detection rate is 98%.

Wonjoo proposed an Android malware detection system to detect SMiShing malware attacks. SMiShing attacks involve sending SMS and MMS messages. Malicious applications, including SMS and MMS malware, are taken as input. Here static analysis is used. The final dataset of 1,200 malware samples is taken from the Android Malgenome project, selected from 10 malware families. The detection rate is 100%, since for each family 2 to 5 malicious applications were tested and all were detected.

Manzhi proposed a method named Intensive Feature Engineering to detect Android malware. Here static analysis is performed. First, the Android app is statically inspected and the manifest and dex code are extracted. Then features are extracted from these files and integrated into a vector space. This set of integrated features allows malware to be detected using machine learning techniques. The final dataset consists of 550 malware samples from the Android Drebin project and 550 good samples from the Baidu Application Market, with the malware samples selected from 16 malware families. The detection rate is 98%.

Zi Wang proposed an Android malware detection approach known as DroidDeepLearner.
This approach uses a deep learning algorithm to distinguish malicious Android apps from harmless ones. Different permissions and API call functions are taken as input. Here static analysis is used. The final dataset consists of 4,000 malware samples and 2,334 good samples, and the detection rate is 93%.

Zarni proposed an Android malware detection system based on machine learning. First, features are extracted from Android APK files. Then a dataset of extracted features is built from Android applications to develop an Android malware detection framework. The machine learning approaches are validated to obtain accurate results. Here static analysis is used. The final dataset consists of 500 malware samples, and the detection rate is around 91%.

Xiong proposed a contrasting-permission-model-based framework for Android malware detection. Contrasting permission patterns are used to characterize the permissions of malware and of clean applications. Some classifiers are also introduced. Here hybrid analysis is used. The final dataset consists of 298 malware samples from the Android Malgenome project and 342 good samples from third-party Android app marketplaces such as SlideME and Pandaapp. The detection rate is over 90%.

Michael proposed an automated system named RiskRanker for zero-day malware detection. RiskRanker analyzes and presents dangerous malware behavior in a scalable way. It performs a first-order scan and then a second-order scan to detect malicious behavior. Android applications are supported by this system. Here static analysis is used. A final dataset of 118,318 apps was collected, and the detection rate is also very good.

Daniel proposed a system named Drebin to detect Android malware. Drebin performs static analysis by gathering many features of an application. These features are embedded in a common vector space, and within this integrated dataset different malware models are identified.
The final dataset consists of 5,560 malware samples from the Malgenome project and malware forums, and 123,453 good samples extracted from Chinese markets, the Google Android Market, a Russian market and security blogs. The malware samples are selected from the top 20 malware families. The detection rate is 94%: of every 100 apps installed, it detects 94. On average, Drebin analyzes a given application in 10 seconds on 5 smartphones.

Takasama proposed a kernel-based behavioral analysis system to detect Android malware. This system consists of a log collector in the Linux layer and a log analysis application. The log collector collects all system calls. The log analyzer matches activities against signatures with regular expressions to detect malicious activity. Here dynamic analysis is used. The final dataset of 230 apps comes from the Android Google Market, and of these, 64 apps were detected as malicious.

Shuang proposed a permission-combination-based system named Droid Detective to detect Android malware. This scheme is based on the permission combinations declared in the application's manifest file. Rule sets are generated from combinations of permissions for malware detection. Here static analysis is used. The final dataset consists of 1,260 malware samples from the Malgenome project and 741 good samples from the Google Android Market. The detection rate is 96%.

Conclusion

Malware detection is the key to the security of the Android operating system. The number of malware samples is increasing day by day, so new malware detection techniques are needed that detect malware more reliably and accurately. Based on the comparative study of different Android malware detection techniques, each technique has its own advantages and limitations. In Samaneh, different static features are classified into different categories, but unknown malware cannot be detected.
In Wonjoo, the malware detection rate is high, but it only detects SMS- and MMS-based malware. In Manzhi, multiple features are combined at one level, but it consumes more time, energy and memory. In Zi Wang, a DBN network model is built and provides in-depth analysis, but it takes a long time. In Zarni, security is provided at installation time, but results are generated only from the manifest file. In Xiong, different contrasting permission models are provided, but results are generated only from the manifest file. In Michael, whether a particular application poses a danger is analyzed scalably, but it takes more time. In Daniel, malicious apps are identified directly on the smartphone in a lightweight but more time-consuming method. In Takasama [9], kernel messages are recorded and analyzed for malicious activity, but unknown malware types cannot be detected. In Shuang, different permissions are combined at one level, but results are generated only from the manifest file.

Based on the limitations of the existing malware detection techniques, it can be concluded that detection techniques using static analysis consume more time, energy and resources, and they also lack detection of application runtime behavior. Detection techniques using dynamic analysis consume more resources and also cannot detect unknown malware types. Detection techniques using hybrid analysis are accurate and scalable, but they consume more time and resources. A hybrid malware detection technique must be proposed which addresses all the limitations of the static analysis approaches and..