DETECTING MALICIOUS APPLICATION USING BEHAVIOUR ANALYSIS OF MOBILE SENSORS
AUTHOR(S)
Sukhdev Mathur, Akshi Kumar
KEYWORDS
behavioural analysis, benign, bytes transmitted, CPU usage, malicious, memory usage, XGBoost.
ABSTRACT
Smartphones have become an inseparable part of everyday life worldwide, and users have become increasingly dependent on these multi-functional gadgets for their day-to-day activities. But a user never knows what is going on inside the phone. From its appearance alone, a user cannot tell whether an application downloaded from the Play Store or any third-party store behaves maliciously. That app may be transmitting the user's data to a remote server without their knowledge. Even the Google Play Store sometimes cannot detect these applications because of code obfuscation techniques. This research analyses the behaviour of mobile sensors in malicious and benign modes and tries to detect whether an application performs any malicious activity. The Sherlock dataset has been used for the behavioural analysis: four supervised machine learning techniques were applied to detect unusual behaviour, and their results were compared. We have taken two feature sets, one containing only application features and the other containing global features along with application features. We have used the F1 score as the deciding parameter for the best performance. XGBoost performs best, with an F1 score of 98.82% and 98.86% on the applications dataset and the global dataset, respectively.