Malicious Application Detection
ISSN NO:0377-9254
restrict application access to restricted APIs and resources. For example, the Android ‘INTERNET’ permission is required by apps to perform network communications, so opening a network connection is restricted by the ‘INTERNET’ permission. Furthermore, an application must have the ‘READ_CONTACTS’ permission in order to read entries in a user’s phonebook as well. To require a permission, the developer specifies it in the Manifest file by declaring a "<uses-permission>" attribute. The "android:name" field specifies the name of the permission in the code.

1.3 PROJECT FEATURES

A new method to detect malicious Android applications through machine learning techniques by analyzing the permissions extracted from the application itself. Features used to classify are the presence of the tags uses-permission and uses-feature in the manifest as well as the number of permissions of each application. These features are the permission requested individually and the «uses-feature» tag the possibility of detection malicious Android applications based on permissions and 20 features from Android application packages.

II. LITERATURE SURVEY

We studied the techniques that have been proposed to identify Android malware. In their work, Anshul et al. presented an idea to detect Android malware by network traffic analysis. Their approach is used to identify malware on Android that is operated by a remote server. Such malware either accepts orders from the server or leaks sensitive data to it. First, they analyzed the network traffic of Android malware and then the traffic of normal applications. They discovered the characteristics that distinguish malware traffic from non-malware traffic. In the second phase, they built a classifier using these network traffic features which can detect the malware.

In another work, Anshul et al. proposed a technique called the PermPair method. They approached the goal by considering every pair of permissions as a possible input feature and finally decided, for each pair, whether that combination is vulnerable. Their method includes data sets from 3 different sources called Genome, Drebin and Koodous. Their approach had 3 phases. In the first phase, they constructed 4 different graphs by extracting permission pairs from each application. Out of the 4 graphs, 3 graphs are for malware and 1 graph is for benign applications. In the second phase, they merged the 3 malicious graphs into a single malicious graph. At the end of this phase, they ended up with two graphs, one for malicious and one for benign. In the third and final phase of their method, they developed a model that calculates two scores, called normal score and malicious score, for every application and decides whether a particular application is malware or not.

The most commonly used properties in static and dynamic Android malware detection are permissions and network traffic features respectively. Static permissions cannot identify sophisticated malware which is capable of update attacks. Dynamic network traffic, in turn, cannot detect malware samples without a network connection. Therefore, a hybrid model integrating both of these properties is proposed. They extracted both permissions and network traffic features and made them into a single vector. Using the K-medoids method, they partitioned the vectors into K clusters. And they used the K-Nearest Neighbours method to classify whether a particular application is malicious or not. They made sure that K is odd, so that out of the K nearest neighbours, the count of malicious and benign neighbours is not the same.

In another work, Zhenlong Yuan et al. proposed a technique to associate static features with dynamic features and then classify the given Android applications as malicious or safe. They got the features they used as input to their model in three stages:

• Static Phase
• Sensitive APIs
• Dynamic Phase

Static phase includes the permissions that are obtained by unzipping the apk file and parsing the xml files obtained later. Another file, classes.dex, accounts for the sensitive API calls.

III. SYSTEM ANALYSIS

3.1 PROBLEM STATEMENT

Smartphones have become the most used device in one’s day to day life. They facilitate users with a variety of applications that are enriched with powerful features. It is almost impossible for anyone these days to spend a day without their smartphones. Out of all smartphones, Android smartphones are the ones that are widely used. This increasing popularity of Android smartphones has also attracted malicious attackers. This malicious activity can be done by either a single application or a group of applications working together. The objective of this project is to create a model that can detect such malicious applications.

3.2 EXISTING SYSTEM

Traditionally, numerous malware detection tools have been developed, but some tools may not be able to detect newly created malware applications and unknown malware applications infected by various Trojans, worms and spyware. Detecting a large number of malicious applications among millions of Android applications is still a challenging task using the traditional way. The existing approach is a non-machine-learning way of detecting malicious applications based on characteristics, properties and behaviour.

popularity. Web applications are used for web mail, online retail sales, discussion boards, weblogs, online banking, and more. One web application can be accessed and used by millions of people.
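The manifest features named under 1.3 PROJECT FEATURES (the uses-permission and uses-feature tags and the number of permissions) can be extracted as follows. This is an added example, not code from the paper; the sample manifest, the vocabulary and the function names are constructed for illustration, and it assumes a plain-text manifest (the one packaged inside an APK is binary XML and must be decoded first).

```python
import xml.etree.ElementTree as ET

# Attributes such as android:name live in this XML namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest in plain-text form (not taken from a real app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-feature android:name="android.hardware.camera"/>
    <application android:label="Sample"/>
</manifest>
""".strip()

# Hypothetical fixed vocabulary; a real model derives it from the training set.
VOCABULARY = [
    "android.permission.INTERNET",
    "android.permission.READ_CONTACTS",
    "android.permission.SEND_SMS",
    "android.hardware.camera",
]

def declared_names(manifest_xml, tag):
    """Sorted, de-duplicated android:name values of every <tag> element."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter(tag)}
    names.discard(None)  # element present but missing android:name
    return sorted(names)

def feature_vector(manifest_xml, vocabulary=VOCABULARY):
    """Binary presence per vocabulary entry, then the permission count."""
    permissions = declared_names(manifest_xml, "uses-permission")
    features = declared_names(manifest_xml, "uses-feature")
    present = set(permissions) | set(features)
    return [1 if name in present else 0 for name in vocabulary] + [len(permissions)]

if __name__ == "__main__":
    print(declared_names(SAMPLE_MANIFEST, "uses-permission"))
    print(feature_vector(SAMPLE_MANIFEST))
```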
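The three phases of the PermPair method described in the literature survey (per-dataset permission-pair graphs, merging the malicious graphs, then a normal score and a malicious score per application) can be sketched as below. This is an added example, not the authors' implementation: the edge weight (fraction of apps requesting both permissions), merging by averaging, scoring by summing edge weights, and the toy data sets are all assumptions made here.

```python
from collections import Counter
from itertools import combinations

def pair_graph(apps):
    """Phase 1: weighted graph {permission pair: fraction of apps with both}."""
    counts = Counter()
    for perms in apps:
        counts.update(combinations(sorted(set(perms)), 2))
    return {pair: n / len(apps) for pair, n in counts.items()}

def merge_graphs(graphs):
    """Phase 2: merge graphs into one (averaging weights is an assumption)."""
    merged = Counter()
    for graph in graphs:
        for pair, weight in graph.items():
            merged[pair] += weight / len(graphs)
    return dict(merged)

def score(perms, graph):
    """Sum the weights of the app's permission pairs that occur in the graph."""
    return sum(graph.get(p, 0.0) for p in combinations(sorted(set(perms)), 2))

def classify(perms, malicious_graph, benign_graph):
    """Phase 3: return (label, malicious score, normal score) for one app."""
    m = score(perms, malicious_graph)
    n = score(perms, benign_graph)
    return ("malware" if m > n else "benign"), m, n

# Constructed toy data: three malware sets and one benign set of permission lists.
NET, SMS, CON = "INTERNET", "SEND_SMS", "READ_CONTACTS"
CAM, LOC = "CAMERA", "ACCESS_FINE_LOCATION"
MALWARE_SETS = [
    [[NET, SMS, CON], [NET, SMS]],
    [[SMS, CON], [NET, SMS, CON]],
    [[NET, CON, SMS], [NET, SMS, LOC]],
]
BENIGN_SET = [[NET, CAM], [NET, LOC], [NET, CAM, LOC], [CAM]]

MALICIOUS_GRAPH = merge_graphs([pair_graph(s) for s in MALWARE_SETS])
BENIGN_GRAPH = pair_graph(BENIGN_SET)

if __name__ == "__main__":
    for app in ([NET, SMS, CON], [NET, CAM, LOC]):
        print(app, classify(app, MALICIOUS_GRAPH, BENIGN_GRAPH))
```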
DISADVANTAGES OF THE EXISTING SYSTEM
REFERENCES