Lightweight Security Auditing Tool for Android Smart Mobile Phone: Design and Implementation
Date
2014-06
Publisher
Addis Ababa University
Abstract
Because of the fast-growing market for Android smartphones, cyber criminals have naturally
extended their targets to Google's Android mobile operating system. Threat researchers report
an alarming increase in detected Android malware from 2012 to 2013. Static analysis techniques
for malware detection are based on signatures of known malicious applications. They cannot
detect new malware applications, so the attacker gets a window of opportunity until the threat
databases are updated for the new malware. Malware detection techniques based on dynamic
analysis are mostly designed as cloud-based services, where the user must submit the
application to learn whether it is malware or not.
As a solution to these problems, in this work we design and implement a host-based lightweight
security auditing tool that suits resource-constrained mobile devices, with low storage and
computational requirements. Our proposed solution takes advantage of the open nature of the
Android operating system and uses the public APIs provided by the Android SDK to collect
features of known-benign and known-malicious applications. The collected features are then
given to a machine learning algorithm to build a baseline classification model. This
classification model is then used to classify new or unknown applications as either malware or
goodware; if an application is classified as malware, the tool alerts the user about the infection.
Our proposed solution has been tested by analyzing both malicious and benign applications
collected from different websites. The technique is shown to be an effective means of
detecting malware and alerting users to it, which suggests that it can stop the spread of an
attack: once the user is aware of the malicious application, he can take measures by
uninstalling it. Experimental results show that the proposed solution has a detection rate of
96.73% with the RandomForest machine learning model, which is the model used in the final
development of our proposed solution as an Android application, and a low false positive
rate (0.01). The performance impact on the Android system can also be ignored: it is only
3.7-5.6% CPU overhead and 3-4% RAM overhead, and the battery exhaustion is only 2%.
Keywords: Smartphones, Android, Malware detection, Machine Learning, Classification