Abstract
In order to detect Android malware more effectively, an Android malware detection model was proposed based on improved naive Bayes classification. Firstly, considering the unknown permission that may be malicious in detection samples, and in order to improve the Android detection rate, the algorithm of malware detection is proposed based on improved naive Bayes. Considering the limited training samples, limited permissions, and the new malicious permissions in the test samples, we used the impact of the new malware permissions and training permissions as the weight. The weighted naive Bayesian algorithm improves the Android malware detection efficiency. Secondly, taking into account the detection model, we proposed a detection model of permissions and information theory based on the improved naive Bayes algorithm. We analyzed the correlation of the permission. By calculating the Pearson correlation coefficient, we determined the value of Pearson correlation coefficient r, and delete the permissions whose value r is less than the threshold \(\rho \) and get the new permission set. So, we got the improved detection model by clustering based on information theory. Finally, we detected the 1725 Android malware and 945 non malicious application of multiple data sets in the same simulation environment. The detection rate of the improved the naive Bayes algorithm is 86.54%, and the detection rate of the non-malicious application is increased to 97.59%. Based on the improved naive Bayes algorithm, the false detection rate of the improved detection model is reduced by 8.25%.
Similar content being viewed by others
References
Shabtai, A., Elovici, Y.: Applying behavioral Ddetection on Android-based devices. In: Mobile Wireless Middleware, Operating Systems, and Applications. Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, pp. 235–249. Springer, Heidelberg (2010)
Appbrain: Number of Android applications. http://www.appbrain.com/stats/num-ber-of-android-apps (2013)
Wen, W.P., Mei, R., Ning, G., et al.: Malware detection technology analysis and applied research of android platform. J. Commun. 35(8), 79–94 (2014)
Zhang, Yuqing, Fang, Zhejun, Wang, Kai, et al.: Survey of Android vulnerability detection. J. Compu. Res. Dev. 52(10), 2167–2177 (2015)
Li, Ting, Dong, Hang, Wang, Chunyang, et al.: Description of Android malware feature based on Dalvik instructions. J. Compu. Res. Dev. 51(7), 1458–1466 (2014)
Jiao, Sibei, Ying, Lingyun, Yang, Zhi, et al.: An anti-obfuscation method for detecting similarity among Android applications in large scale. J. Compu. Res. Dev. 51(7), 1446–1457 (2014)
Cen, L., Gates, C.S., Si, L.: A probabilistic discriminative model for Android malware detection with decomplied source code. In: Proceedings of IEEE Transaction on Dependable and Secure Computing, pp. 400–412. (2015)
Yuan, Z., Lu, Y., Xue, Y.: DroidDetector: Android malware characterization and detection using deep learning. Tsinghua Sci. Technol. 21, 114–123 (2016)
Liang, S., Du, X.: Permission-combination-based scheme for Android mobile malware detection. In: IEEE ICC 2014-Mobile and Wireless and Wireless Networking Symposium, pp. 2301–2306. IEEE (2014)
Xiangyu, JU.: Android malware detection though permission and package. In: Proceedings of the 2014 International Conference on Wavelet Analysis and Pattern Recognition, pp. 61–65. Lanzhou (2014)
Luo, Yang, Zhang, Qixun, et al.: Android multi-level system permission management approach. J. Softw. 26(2), 263–271 (2015)
Wang, H.Y., Wang, Z.Y., Guo, Y., et al.: Detecting repackaged Android applications based on code clone detection technique. SCI. SIN. Inf. 44(1), 142–157 (2014). (in Chinese with English abstract)
Sarwar, G., Mehani, O., Boreli, R., et al.: On the effectiveness of dynamic taint analysis for protecting against private information leaks on Android-based devices. In: Proceedings of the 10th International Conference on Security and Cryptography, pp. 461–468. Springer-Verlag, Heidelberg (2013)
Xu, Y., Wu, C., Hou, M., et al.: Android malware detection technology based on improved naïve Bayesian. J. Beijing Univ. Posts Telecommun. (2016). doi:10.13190/j.jbupt.2016.02.009
Liu, X., Liu, J.: A two-layered permission-based Android malware detection scheme. In: Proceedings of 2014 2nd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud), pp. 142–148. IEEE (2014)
Glodek, W., Harang. R.: Rapid permissions-based detection and analysis of mobile malware using random decision forests. In: Proceedings of Military Communications Conference, MILCOM 2013–2013, pp. 980–985. IEEE (2013)
Alberge, Florence: On some properties of the mutual information between extrinsics with application to iterative decoding. IEEE Trans. Commun. 63(5), 1541–1553 (2015)
Chan, P.P., Song, W.: Static detection of Android malware by using permission and API calls[. In: Proceedings of the 2014 International Conference, pp. 82–87. IEEE (2014)
Liang, S., Du, X.: Permission-combination-based scheme for Android mobile malware detection. In: Proceedings of the IEEE ICC 2014–Mobile and Wireless Networking Symposium, pp. 2301–2306. IEEE (2014)
Yang, Huan, Zhang, Yuqing, Yupu, Hu, et al.: Android malware detection method based on permission sequential pattern mining algorithm. J. Commun. 34(Z1), 106–115 (2013)
Acknowledgements
The author would like to thank the Chongqing Basic and Frontier Research Project under Grant NO. cstc2016jcyjA0590. The work is partly funded by the National Nature Science Foundation of China (No. 61672004).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Shang, F., Li, Y., Deng, X. et al. Android malware detection method based on naive Bayes and permission correlation algorithm. Cluster Comput 21, 955–966 (2018). https://doi.org/10.1007/s10586-017-0981-6
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10586-017-0981-6