Advanced SearchSearch Tips
Malware Classification System to Support Decision Making of App Installation on Android OS
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
  • Journal title : Journal of KIISE
  • Volume 42, Issue 12,  2015, pp.1611-1622
  • Publisher : Korean Institute of Information Scientists and Engineers
  • DOI : 10.5626/JOK.2015.42.12.1611
 Title & Authors
Malware Classification System to Support Decision Making of App Installation on Android OS
Ryu, Hong Ryeol; Jang, Yun; Kwon, Taekyoung;
Although Android systems provide a permission-based access control mechanism and demand a user to decide whether to install an app based on its permission list, many users tend to ignore this phase. Thus, an improved method is necessary for users to intuitively make informed decisions when installing a new app. In this paper, with regard to the permission-based access control system, we present a novel approach based on a machine-learning technique in order to support a user decision-making on the fly. We apply the K-NN (K-Nearest Neighbors) classification algorithm with necessary weighted modifications for malicious app classification, and use 152 Android permissions as features. Our experiment shows a superior classification result (93.5% accuracy) compared to other previous work. We expect that our method can help users make informed decisions at the installation step.
android;malware;machine learning;information security;K-NN;permission;
 Cited by
NFC를 활용한 병원 회진 안내 시스템 개발에 관한 연구,이효승;오재철;

스마트미디어저널, 2016. vol.5. 3, pp.67-73
Yajin Zhou and Xuxian Jiang, "Dissecting Android Malware: Characterization and Evolution," Proc. IEEE Symp. Security and Privacy, pp. 95-109, May 2012.

Juniper Networks, 2011 Mobile Threats Report [Online], Available: (downloaded 2015, July 10)

IDC, Smartphone OS Market Share, Q1 2015 [Online], Available:

Veelasha Moonsamy, Jia Rong, Shaowu Liu, Gang Li, and Lynn Batten, "Contrasting Permission Patterns between Clean and Malicious Android Applications," Proc. Int. ICST Conf. SecureComm, pp. 69-85, Sep. 2013.

Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, and Marcel Winandy, "Privilege Escalation Attacks on Android," Proc. Int. Conf. Inform. Security, pp. 346-360, Oct. 2010.

Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi, and Bhargava Shastry, "Towards Taming Privilege-Escalation Attacks on Android," Proc. Internet Soc. Netw. Distrib. Syst. Security Symp. (NDSS), 2012.

Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, and David Wagner, "Android Permissions Demystified," Proc. ACM Conf. Comput. Commun. Security (CSS), pp. 627-638, Oct. 2011.

Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David Wagner, "Android Permissions: User Attention, Comprehension, and Behavior," Proc. ACM Symp. Usable Privacy and Security (SOUPS), Jul. 2012.

Kihwan Kim and Taehyoun Kim, "Design and Implementation of a Flexible Application Permission Management Scheme on Android Platform," The KIPS transactions. Part C, Vol. 18-C, No. 3, pp. 151-156, Jun. 2011. (in Korean)

Youngbae Song, Geumhwan Cho, and Hyoungshick Kim, "Automatic Permission Grant Tool in Android Platform," 2014 Conference on Information Security and Cryptology-S, Jun. 2014. (in Korean)

M. Hettig, E. Kiss, J.-F. Kassel, S. Weber, M. Harbach, and M. Smith, "Visualizing Risk by Example: Demonstrating Threats Arising From Android Apps," Proc. ACM Symp. Usable Privacy and Security (SOUPS), Jul. 2013.

Hao Peng, Chris Gates, Bhaskar Sarma, Ninghui Li, Yuan Qi, Rahul Potharaju, Cristina Nita-Rotaru, and Ian Molloy, "Using Probabilistic Generative Models for Ranking Risks of Android Apps," Proc. ACM Conf. Comput. Commun. Security (CSS), pp. 241-252, Oct. 2012.

Arzt, Steven, et al., "FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps," Proc. ACM SIGPLAN Conf. Programming Language Design and Implementation, 2014.

Lerch, Johannes, et al., "FlowTwist: Efficient Context- sensitive Inside-out Taint Analysis for Large Codebases," Proc. ACM SIGSOFT Symp. Foundations of Software Engineering (FSE), pp. 98-108, 2014.

Feng, Yu, et al., "Apposcopy: Semantics-based Detection of Android Malware Through Static Analysis," Proc. of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering. ACM, 2014.

Gordon, Michael I., et al., "Information-Flow Analysis of Android Applications in DroidSafe," Proc. Internet Soc. Netw. Distrib. Syst. Security Symp. (NDSS), pp. 576-587, 2015.

William Enck, Peter Gilber, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth, "TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones," ACM Tran. Comp. System, Volume 32, Issue 2, pp. 1-29, Jun. 2014.

The Honeynet Project [Online], Available:

Yan, Lok-Kwong, and Heng Yin, "DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis," Proc. 21st USENIX Conf. on Security Symp., pp. 569-584, 2012.

Tam, Kimberly, et al., "CopperDroid: Automatic Reconstruction of Android Malware Behaviors," Proc. Internet Soc. Netw. Distrib. Syst. Security Symp. (NDSS), 2015.

Schultz, M.G., Eskin, E., Zadok, E., and Stolfo, S.J., "Data mining methods for detection of new malicious executables," Proc. IEEE Symp. Security and Privacy, pp. 38-49, May 2001.

Asaf Shabtai, Yuval Fledel, and Yuval Elovici "Automated Static Code Analysis for Classifying Android Applications Using Machine Learning," Proc. Int. Conf. Computational Intelligence and Security, Dec. 2010.

Borja Sanz, Igor Santos, Carlos Laorden, Xabier Ugarte-Pedrero, Pablo Garcia Bringas, and Gonzalo Alvarez, "PUMA: Permission Usage to Detect Malware in Android," Int. Conf. Complex, Intelligent, and Software Intensive Systems, Jul. 2012.

Chun-Ying Huang, Yi-Ting Tsai, and Chung-Han Hsu, "Performance Evaluation on Permission-Based Detection for Android Malware," Proc. Int. Computer Symp., Dec. 2012.

Zarni Aung and Win Zaw, "Permission-Based Android Malware Detection," International Journal Of Scientific & Technology Research, Vol. 2, Issue 3, pp. 228-234, Mar. 2013.

Yerima, S.Y., Sezer, S., McWilliams, G. and Muttik, I., "A New Android Malware Detection Approach Using Bayesian Classification," Proc. IEEE Conf. Advanced Information Networking and Applications, pp. 121-128, Mar. 2013.

Gerardo Canfora, Francesco Mercaldo, Corrado Aaron Visaggio, "A classifier of Malicious Android Applications," Proc. Int. Conf. Availability, Reliability and Security, Sep. 2013.

Ming-Yang Su and Wen-Chuan Chang, "Permissionbased Malware Detection Mechanisms for Smart Phones," Proc. Int. Conf. Inform. Networking, pp. 449- 452, Feb. 2014.

Xiong Ping, Wang Xiaofeng, Niu Wenjia, Zhu Tianqing, and Li Gang, "Android Malware Detection with Contrasting Permission Patterns," China Communications, Vol. 11, Issue 8, pp. 1-14, Aug. 2014. crossref(new window)

Hye Lim Lee, Soohee Jang, and Ji Won Yoon, "Efficient Malware Detector for Android Devices," Journal of Korea Institute of Information Security and Cryptology, Vol. 24, No. 4, pp. 617-624, Aug. 2014. (in Korean) crossref(new window)

Contagio Malware dump [Online], Available: http:// (downloaded 2015, July 10)