sigpid significant permission identification for android
play

SigPID: Significant Permission Identification for Android Malware - PowerPoint PPT Presentation

Feb 14, 2023 •744 likes •999 views

SigPID: Significant Permission Identification for Android Malware Detection Authors: Lichao Sun, Zhiqiang Li, Qiben Yan, Witawas Srisa-an and Yu Pan Department of Computer Science and Engineering University of Nebraska Lincoln Presenters: Yu

  1. SigPID: Significant Permission Identification for Android Malware Detection Authors: Lichao Sun, Zhiqiang Li, Qiben Yan, Witawas Srisa-an and Yu Pan Department of Computer Science and Engineering University of Nebraska Lincoln Presenters: Yu Pan

  2. Android OS • Android is the most popular operating system for smart-mobile devices • Android is also widely used in other mobile platforms, such as tablets, smart tvs, and smartwatches, etc. 2

  3. Growth of Android Malware • Android allows to install applications from uncertified third party stores There is a need to create an effective and efficient • 97% of all mobile malicious applications malware detection system to cope with this rapid growth target Android of malicious apps. • A new Android malware appears every 11 seconds 3

  4. System Overview 2 Support Vector Machines permission matrix (an app constructs a vector) benign apps 1 5 7 3 Decision Tree Training & Testing Multi-Level Data Pruning 6 Malware Detection Results malicious apps 4 Results Malware Detection System new permission matrix 4 (less features after pruning) Building Detection System Data Pre-Processing

  5. Introducing SIGPID • Multi-Level Data Pruning (MLDP) • Malware Detection using Significant Permission • Advanced MLDP with Fusion of Multiple Lists and X-value 5

  6. Multi-Level Data Pruning (MLDP) • Motivation: 135 permissions + huge number of applications = long processing time • Three levels of data pruning 1 2 Permission Ranking with Negative Rate Support Based Permission Ranking Permission Mining with Association Rules 6

  7. Balance Benign and Malicious Matrixes • Two matrixes: • Matrix of original malware: M • Matrix of original benign apps: B • Permission support formalization: 7

  8. Permission Ranking with Negative Rate (PRNR) • No need to consider all 135 permissions • Extract significant permissions: • Highly risky permission requested by malware • Rarely touched permission by malware • Remove permissions equally used by benign and malicious applications 8

  9. Permission Ranking with Negative Rate (PRNR) • R(P i ) = [-1,1] • -1 means non-risky permission • 1 means risky permission • 0 means lowest impact • -1 to 0 • 0 to 1 • Near 0 9

  10. Permission Incremental System (PIS) • Two sorted permission lists based on PRNR • Choose the top permissions in benign and malware permission lists and evaluate malware detection • Choose top three permissions in both lists and evaluate malware detection • Repeat until f-measure becomes stable • Remove 40 insignificant permissions from the total of 135 permissions Remaining Permission : 135 – 40 = 95 10

  11. Support Based Permission Ranking (SPR) • Prune permissions with low impact • Two policies • Use PIS to find the least number of permissions • Set a very small threshold of support • Remove 70 more permissions Remaining Permission: 135 – 40- 70 = 25 11

  12. Permission Mining with Association Rules (PMAR) • Some permissions are always used together • We can use the one with higher support to represent both • Use Apriori with 95% minimum confidence and 3% minimum support • Remove 3 additional permissions Remaining Permission: 135 – 40 - 70 = 25 12

  13. Evaluation • Data Set • MLDP Effectiveness • Malware Detection Performance with Different Machine Learning Algorithms • Comparison with Other Approaches 13

  14. Evaluation Criterion prediction malicious benign • Precision malicious TP FN actual benign FP TN • Recall • F-Measure 200 apps (100 malicious apps + 100 benign apps) prediction malicious benign malicious 85 15 actual benign 5 95 Precision = TP/(TP+FP)=94.4% Recall = TP/(TP+FN)=85% FM = 2*Precision*Recall/(Precision+Recall)= 89.7% 14

  15. Data Set • 1,661 and 5,494 malicious applications • 310,926 benign applications • Extract permission information from the Android Manifest file of each app • One vector represent an app with 1s and 0s, where 1 represents required permission and 0 otherwise 15

  16. Multi-level Data Pruning Effectiveness • Permission ranking with negative rate (PRNR) effectiveness • Support Based Permission Ranking(SPR) effectiveness • Permission mining with association rules (PMAR) effectiveness 16

  17. Multi-level Data Pruning Effectiveness Number of Status Precision Recall(TPR) FPR F-measure Accuracy Permissions 135 Original 98.81% 83.73% 1.01% 90.65% 91.36% 95 PRNR 96.39% 85.78% 3.22% 90.77% 91.28% 25 PRNR+PMAR 90.64% 91.77% 9.56% 91.17% 91.10% 22 PRNR+PMAR+SPR 91.55% 91.22% 8.54% 91.34% 91.34% 17

  18. Malware Detection using Significant Permissions • Implement 67 machine learning algorithms • Compare 22 permissions with 135 permissions 18

  19. Performance of Machine Learning Algorithms # of Permissions 22 40 135 Name of Algorithm Time(Seconds) Time More Time Time More Time RandomCommittee 1.376 2.078 51.02% 7.995 481.03% RotationForest 47.303 71.887 51.97% 236.944 400.91% FT 0.731 2.14 192.75% 24.55 3258.41% PART 16.673 24.645 47.81% 104.74 528.20% RandomForest 14.028 20.045 42.89% 59.991 327.65% SVM 2.4722 2.7604 11.66% 3.6773 48.75% 19

  20. Optimal ML Algorithms For SigPID and Android Dangerous Permissions #of Permissions Best ML Precision Recall(TPR) FPR F-measure Accuracy SigPID (24) FT 97.54% 93.62% 2.36% 95.54% 95.63% Android (22) Random Forest 98.61% 90.35% 1.27% 94.30% 94.54% 20

  21. Detection Performance using Unknown Real-World Malware RandomForest PART FT RotationForest RandomCommittee 83.0% 84.0% 85.0% 86.0% 87.0% 88.0% 89.0% 90.0% 91.0% 92.0% Android MLDP_22 21

  22. Comparison with other approaches Method Recall SigPID with FT 93.62 SigPID with SVMs 91.22 Mutual Information 86.4 Drebin 93.9 AV1 96.41 AV2 93.71 AV3 84.66 AV4 84.54 AV5 78.38 AV6 64.16 AV7 48.5 AV8 48.34 22 AV9 9.84 AV10 3.99

  23. Future Work • Enlarge dataset for malware and collect more features of the original dataset • Develop a new machine learning algorithm • Use additional information, such as that obtained through static program structure information (e.g., Static call graphs and calling context) and runtime information (e.g., Dynamic call graphs) to further classify behavior and pinpoint locations of malicious code 23

  24. Conclusion • We have developed a malware detection system based on permission • We are able to only consider a fraction of permissions to provide effective malware detection • Our approach performs as well as or better than techniques that consider more permissions or all permissions • By using significant permissions, we can improve performance a lot 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Small Changes, Big Changes: An Updated View on the Android Permission System Yury Zhauniarovich

Small Changes, Big Changes: An Updated View on the Android Permission System Yury Zhauniarovich

Small Changes, Big Changes: An Updated View on the Android Permission System Yury Zhauniarovich Olga Gadyatskaya RAID 2016 Sensitive Resource Protection in Android Android is the most popular mobile OS: - ~ 2 billion of third-party apps

523 views • 24 slides
Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC Is the

Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC Is the

Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC Is the permission model working? Are users making good decisions? Most Popular Android App Demo App abusing permissions Demo explained Permissions:

819 views • 43 slides
A certified reference validation mechanism for the permission model of Android Gustavo Betarte

A certified reference validation mechanism for the permission model of Android Gustavo Betarte

Motivation Introduction Specification Verification A certified reference validation mechanism for the permission model of Android Gustavo Betarte Juan Campo Felipe Gorostiaga Carlos Luna InCo, Facultad de Ingenier a, Universidad de

850 views • 73 slides
BE PARANOID OR NOT TO BE ? Alize PENEL Linux and Android System Developer Dev Team Member

BE PARANOID OR NOT TO BE ? Alize PENEL Linux and Android System Developer Dev Team Member

BE PARANOID OR NOT TO BE ? Alize PENEL Linux and Android System Developer Dev Team Member Agenda 02 03 01 Network Security Internet socket in Aspects Permission in Android OS Marshmallow INTERNET PERMISSION IN MARSHMALLOW

584 views • 33 slides
Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And

Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And

Android Framework Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android Alexandre Bartel University of Luxembourg September 8, 2014 Supervisor: Yves Le Traon Advisors:

992 views • 77 slides
TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party

TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party

TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications Faysal Hossain Shezan, Kaiming Cheng, Zhen Zhang, Yinzhi Cao, Yuan Tian Permission-based Access Control Android Chrome IFTTT 2

842 views • 82 slides
Permission Specification Kathy Au, Billy Zhou, James Huang, David Lie University of Toronto

Permission Specification Kathy Au, Billy Zhou, James Huang, David Lie University of Toronto

PScout: Analyzing the Android Permission Specification Kathy Au, Billy Zhou, James Huang, David Lie University of Toronto Smartphone Permission System Smartphones are loaded with sensors GPS, camera, microphone, NFC, Wi-Fi radio, etc.

601 views • 27 slides
Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2 Anthony Morris Jan-Felix Schmakeit Tech Lead, Android Maps API Android Developer Relations Code, Slides, Worksheet: http://goo.gl/MfY67 Welcome!

687 views • 49 slides
CS5530 Mobile/Wireless Systems GPS/Location in Android Yanyan Zhuang Department of Computer

CS5530 Mobile/Wireless Systems GPS/Location in Android Yanyan Zhuang Department of Computer

CS5530 Mobile/Wireless Systems GPS/Location in Android Yanyan Zhuang Department of Computer Science http://www.cs.uccs.edu/~yzhuang UC. Colorado Springs CS5530 Ref. CN5E, NT@UW, WUSTL Android Location Interface 1. Request permission in

207 views • 10 slides
Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to use operating system that powers more than a billion devices across the globe - from phones and tablets to watches, TV, cars and more to come.

464 views • 21 slides
- Rohit Vobbilisetty What is the Camera API Capture Photos Capture Videos Camera API -

- Rohit Vobbilisetty What is the Camera API Capture Photos Capture Videos Camera API -

- Rohit Vobbilisetty What is the Camera API Capture Photos Capture Videos Camera API - Android 2 Before starting Declare the permissions in the Android Manifest Camera Usage: <uses-permission android:name=

355 views • 19 slides
CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest

CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest

Project #1: Color Guess Game CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="net.cserna.bence.colorguess

201 views • 3 slides
What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4

What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4

What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4 Development, Meier, Ch 11, pg 437 Speech recognition: Accept inputs as speech (instead of typing) e.g. dragon dictate app? Note: Google

333 views • 16 slides
Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android

Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android

Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android which gives us the liberty to perform heavy tasks in the background and keep the UI thread light thus making the application more responsive. Basic

240 views • 5 slides
THESE ARENT THE PERMISSIONS YOURE LOOKING FOR Anthony Lineberry David Luke Richardson

THESE ARENT THE PERMISSIONS YOURE LOOKING FOR Anthony Lineberry David Luke Richardson

THESE ARENT THE PERMISSIONS YOURE LOOKING FOR Anthony Lineberry David Luke Richardson Tim Wyatt BlackHat USA 2010 AGENDA Android Internals Overview Security/Permission Model Why Ask For Permission When You Can Ask For

1.17k views • 87 slides
Android Android Application Development - Ashwin Agenda Android Platform Overview

Android Android Application Development - Ashwin Agenda Android Platform Overview

Android Android Application Development - Ashwin Agenda Android Platform Overview Installation Building Blocks Application Development Development Tools Source walk through Introduction to Android Open software

978 views • 49 slides
Scotch: Combining Software Guard Extensions and System Management Mode to Monitor Cloud Resource

Scotch: Combining Software Guard Extensions and System Management Mode to Monitor Cloud Resource

Scotch: Combining Software Guard Extensions and System Management Mode to Monitor Cloud Resource Usage Kevin Leach 1 , Fengwei Zhang 2 , and Westley Weimer 1 1 University of Michigan, 2 Wayne State University Leach, Zhang, & Weimer 1 / 19

704 views • 47 slides
PathArmor : Practical Context-Sensitive CFI Dennis Andriesse , Victor van der Veen ,

PathArmor : Practical Context-Sensitive CFI Dennis Andriesse , Victor van der Veen ,

PathArmor : Practical Context-Sensitive CFI Dennis Andriesse , Victor van der Veen , s , Ben Gras , Lionel Sambuc , Asia Slowinska , Enes G okta Herbert Bos , Cristiano Giuffrida Joint first authorship

588 views • 42 slides
Overview of Indeterminate Cytology Scott Boerner MD FRCPC Head Cytopathology, University Health

Overview of Indeterminate Cytology Scott Boerner MD FRCPC Head Cytopathology, University Health

83 rd Annual Meeting American Thyroid Association Overview of Indeterminate Cytology Scott Boerner MD FRCPC Head Cytopathology, University Health Network University of Toronto PRESENTATION FROM THE 83rd ANNUAL MEETING OF THE AMERICAN THYROID

662 views • 26 slides
Chris Hopkins, PhD, MBA and CSO patient variant drug p.R292H pathogenicity Is this variant in

Chris Hopkins, PhD, MBA and CSO patient variant drug p.R292H pathogenicity Is this variant in

Chris Hopkins, PhD, MBA and CSO patient variant drug p.R292H pathogenicity Is this variant in my patient pathogenic or benign? "The Doctor" by Sir Luke Fildes (1891) Drop in genome price drives increase in patient variant

500 views • 22 slides
Adaptive Routing in Dragonfly Networks Peyman Faizian , ShafayatRahman Scott Pakin AtiqulMollah,

Adaptive Routing in Dragonfly Networks Peyman Faizian , ShafayatRahman Scott Pakin AtiqulMollah,

Traffic Pattern-based C Adaptive Routing in Dragonfly Networks Peyman Faizian , ShafayatRahman Scott Pakin AtiqulMollah, Xin Yuan Mike Lang Florida State University Los Alamos National Laboratory Motivation Dragonfly has been known as a

491 views • 33 slides
Ranking and classifying the VUS for family counseling: Using a model from cancer researchers

Ranking and classifying the VUS for family counseling: Using a model from cancer researchers

Ranking and classifying the VUS for family counseling: Using a model from cancer researchers Martin Tristani-Firouzi, MD Division of Pediatric Cardiology Nora Eccles Harrison CVRTI University of Utah School of Medicine Disclosure The speaker

883 views • 33 slides
seclab Impersonation Attacks through a Dedicated Bi-directional Authenticated Channel THE

seclab Impersonation Attacks through a Dedicated Bi-directional Authenticated Channel THE

Protecting Web-based Single Sign-on Protocols against Relying Party seclab Impersonation Attacks through a Dedicated Bi-directional Authenticated Channel THE COMPUTER SECURITY GROUP AT UC SANTA BARBARA Yinzhi Cao

704 views • 45 slides
The Evolution of Global Inequalities: the impact on politics and the economy Professor Branko

The Evolution of Global Inequalities: the impact on politics and the economy Professor Branko

Hosted by the International Inequalities Institute The Evolution of Global Inequalities: the impact on politics and the economy Professor Branko Milanovic Senior Scholar, Luxembourg Income Study Centre Visiting Presidential Professor, Graduate

909 views • 79 slides

More recommend