PUMA: Permission Usage to Detect Malware in Android

  • Borja SanzEmail author
  • Igor Santos
  • Carlos Laorden
  • Xabier Ugarte-Pedrero
  • Pablo Garcia Bringas
  • Gonzalo Álvarez
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 189)


The presence of mobile devices has increased in our lives offering almost the same functionality as a personal computer. Android devices have appeared lately and, since then, the number of applications available for this operating system has increased exponentially. Google already has its Android Market where applications are offered and, as happens with every popular media, is prone to misuse. In fact, malware writers insert malicious applications into this market, but also among other alternative markets. Therefore, in this paper, we present PUMA, a new method for detecting malicious Android applications through machine-learning techniques by analysing the extracted permissions from the application itself.


malware detection machine learning Android mobile malware 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Schultz, M., Eskin, E., Zadok, F., Stolfo, S.: Data mining methods for detection of new malicious executables. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, pp. 38–49 (2001)Google Scholar
  2. 2.
    Devesa, J., Santos, I., Cantero, X., Penya, Y.K., Bringas, P.G.: Automatic Behaviour-based Analysis and Classification System for Malware Detection. In: Proceedings of the 12th International Conference on Enterprise Information Systems (ICEIS), pp. 395–399 (2010)Google Scholar
  3. 3.
    Santos, I., Nieves, J., Bringas, P.G.: Semi-supervised learning for unknown malware detection. In: Proceedings of the 4th International Symposium on Distributed Computing and Artificial Intelligence (DCAI), 9th International Conference on Practical Applications of Agents and Multi-Agent Systems (PAAMS), pp. 415–422 (2011)Google Scholar
  4. 4.
    Santos, I., Laorden, C., Bringas, P.G.: Collective classification for unknown malware detection. In: Proceedings of the 6th International Conference on Security and Cryptography (SECRYPT), pp. 251–256 (2011)Google Scholar
  5. 5.
    Santos, I., Brezo, F., Ugarte-Pedrero, X., Bringas, P.G.: Opcode sequences as representation of executables for data-mining-based unknown malware detection. Information Sciences (in press), doi:10.1016/j.ins.2011.08.020Google Scholar
  6. 6.
    Rieck, K., Holz, T., Willems, C., Düssel, P., Laskov, P.: Learning and Classification of Malware Behavior. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 108–125. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    Tian, R., Batten, L., Islam, R., Versteeg, S.: An automated classification system based on the strings of trojan and virus families. In: 4th International Conference on Malicious and Unwanted Software (MALWARE), pp. 23–30. IEEE (2009)Google Scholar
  8. 8.
    Shabtai, A., Fledel, Y., Elovici, Y.: Automated Static Code Analysis for Classifying Android Applications Using Machine Learning. In: 2010 International Conference on Computational Intelligence and Security, pp. 329–333 (December 2010)Google Scholar
  9. 9.
    Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 15–26. ACM (2011)Google Scholar
  10. 10.
    Blasing, T., Batyuk, L., Schmidt, A., Camtepe, S., Albayrak, S.: An android application sandbox system for suspicious software detection. In: 2010 5th International Conference on Malicious and Unwanted Software (MALWARE), pp. 55–62. IEEE (2010)Google Scholar
  11. 11.
    Shabtai, A., Elovici, Y.: Applying Behavioral Detection on Android-Based Devices. In: Cai, Y., Magedanz, T., Li, M., Xia, J., Giannelli, C. (eds.) Mobilware 2010. LNICST, vol. 48, pp. 235–249. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Oberheide, J., Miller, J.: Dissecting the android bouncer (2012)Google Scholar
  13. 13.
    Bishop, C.: Pattern recognition and machine learning. Springer, New York (2006)zbMATHGoogle Scholar
  14. 14.
    Kohavi, R.: A study of cross-validation and bootstrap for accuracy estimation and model selection. In: International Joint Conference on Artificial Intelligence, vol. 14, pp. 1137–1145 (1995)Google Scholar
  15. 15.
    Singh, Y., Kaur, A., Malhotra, R.: Comparative analysis of regression and machine learning methods for predicting fault proneness models. International Journal of Computer Applications in Technology 35(2), 183–193 (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Borja Sanz
    • 1
    Email author
  • Igor Santos
    • 1
  • Carlos Laorden
    • 1
  • Xabier Ugarte-Pedrero
    • 1
  • Pablo Garcia Bringas
    • 1
  • Gonzalo Álvarez
    • 2
  1. 1.S3LabUniversity of DeustoBilbaoSpain
  2. 2.Instituto de Física AplicadaConsejo Superior de Investigaciones Científicas (CSIC)MadridSpain

Personalised recommendations