Lightweight Security Auditing Tool for Android Smart Mobile Phone: Design and Implementation

No Thumbnail Available

Date

2014-06

Journal Title

Journal ISSN

Volume Title

Publisher

Addis Ababa University

Abstract

Due to the fast growing market in Android smartphone operating systems to date cyber criminals have naturally extended their target towards Google‘s Android mobile operating system. Threat researchers are reporting an alarming increase of detected malware for Android from 2012 to 2013. Static analysis techniques for malware detection are based on signatures of known malicious applications. It cannot detect new malware applications and the attacker will get window of opportunities until the threat databases are updated for the new malware. Malware detection techniques based on dynamic analysis are mostly designed as a cloud based services where the user must submit the application to know whether the application is malware or not. As a solution to these problems, in this work we design and implement a host based lightweight security auditing tool that suits resource-constrained mobile devices in terms of low storage and computational requirements. Our proposed solution utilizes the open nature of the Android operating system and uses the public APIs provided by the Android SDK to collect features of known-benign and known-malicious applications. The collected features are then provided to machine learning algorithm to develop a baseline classification model. This classification model is then used to classify new or unknown applications either as malware or goodware and if it is malware it alerts the user about the infection. Our proposed solution has been tested by analyzing both malicious and benign applications collected from different websites. The technique used is shown to be an effective means of detecting malware and alerting users about detection of malware, which suggests that it has the capability to stop the spread of the attack since once the user is aware of the malicious application he can take measures by uninstalling the application. Experimental results show that the proposed solution has detection rate of 96.73% in RandomForest machine learning model which is used during the final development of our proposed solution as an Android application and low rate of false positive rate(0.01). Performance impact on the Android system can also be ignored which is only 3.7-5.6% CPU overhead, 3-4% of RAM overhead and the battery exhaustion is only 2%. Keywords: Smartphones, Android, Malware detection, Machine Learning, Classification

Description

Keywords

Smartphones, Android, Malware detection, Machine Learning, Classification

Citation