A Study of Permission-based Malware Detection Using Machine Learning


dc.contributor.author Islam, Md. Rafid
dc.contributor.author Rahman, Ratun
dc.contributor.author Ahmed, Akib
dc.date.accessioned 2023-04-04T08:57:59Z
dc.date.available 2023-04-04T08:57:59Z
dc.date.issued 2022-05-31
dc.identifier.uri http://hdl.handle.net/123456789/1810
dc.description Supervised by Dr. Md. Kamrul Hasan, Professor, Department of Computer Science and Engineering (CSE), Islamic University of Technology (IUT), Board Bazar, Gazipur-1704, Bangladesh. This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Software Engineering of Computer Science and Engineering department, 2022. en_US
dc.description.abstract Malware is becoming more prevalent, and several threat categories have risen dramatically in recent years. This paper provides a bird's-eye view of the world of malware analysis. It also presents a brief review of malware analysis approaches, common detection types, and some basic preventive strategies from various angles. An experiment was conducted to show the influence of human factors on people. This study shows that most people are more likely to fall victim to a malware attack if it seems to come from a reliable source or person. This study also investigates the efficiency of five different machine learning methods (Naive Bayes, K-Nearest Neighbor, Decision Tree, Random Forest, Decision Forest), combined with features selected from retrieved Android permissions, in categorizing applications as harmful or benign. On a test set consisting of 1,168 samples (each consisting of 948 features), the algorithms produce accuracy rates above 80% (except the Naive Bayes algorithm, with 65% accuracy). Of the considered algorithms, TensorFlow Decision Forest performed the best, with an accuracy of 90%. en_US
dc.language.iso en en_US
dc.publisher Department of Computer Science and Engineering (CSE), Islamic University of Technology (IUT), Board Bazar, Gazipur, Bangladesh en_US
dc.subject Malware, malware analysis, malware detection, malware prevention, decision forest en_US
dc.title A Study of Permission-based Malware Detection Using Machine Learning en_US
dc.type Thesis en_US

