PROTOTYPE AND EXPERIMENTAL RESULTS
We built a prototype application to demonstrate proof of the concept. The application is built using Java platform. Java Swing API is used to have intuitive user interface while the IO mechanisms are used to deal with file handling. The detection of malware is preceded by the classifier building with proposed pruning approach.
FIGURE 2: Shows Android mobile app permissions
As can be shown in Figure 2, there are around 135 Android permissions taken as initial input. Afterwards based on the significance in detecting malware, they are pruned further.
FIGURE 3: After completion of pruning the remaining permission are given ranking
As shown in Figure 3, it is evident that every permission is given ranking. The permissions that remained after pruning process are considered to give ranking.
We evaluated the proposed methodology with an empirical study. The detection accuracy of different algorithms is presented in Table 1.
Algorithms Detection Accuracy
TABLE 1: Detection accuracy comparison
As can be seen in Table 1, the detection accuracy of the algorithm is compared. The proposed algorithm exhibited 0.97 accuracy in detection of malware. It is comparatively better performance when ICFS, J48 and LibSVM are considered FIGURE 4: Malware detection accuracy
As presented in Figure 3, it is evident that there are many classifiers compared with the proposed one. The LibSVM showed lest accuracy while proposed method showed highest accuracy.
No. of Features Precision Recall
5 91.29% 83.90%
10 90.21% 90.24%
15 90.21% 91.21%
20 90.47% 91.65%
25 90.64% 91.77%
30 91.27% 90.58%
35 91.83% 90.05%
40 96.28% 86.19%
45 96.28% 85.94%
50 96.34% 85.82%
55 96.35% 85.80%
135 98.81% 83.73%
TABLE: Evaluation of the proposed algorithm
The proposed algorithm is evaluated with measures like precision and recall. A shown in Table 2, the precision and recall values are presented against number of features considered.
FIGURE 5: Precision and recall of the proposed algorithm against number of features
As can be seen in Figure 4, the number of features is presented in horizontal axis. The values are taken from 5 to 135 incremental by 5 gradually. The precision and recall values showed in vertical axis are showing the performance of the proposed method. The precision and recall will have tradeoffs. It does mean that when precision is decreasing recall increase and vice versa.
CONCLUSION AND FUTURE WORK
Android malware became potential risk to smart phone applications. The rationale behind this is the unprecedented popularity of Android platform for mobile phones. In this paper we studied different Android malware detection approaches in the literature and found the need for an approach that is cost effective besides increasing accuracy of prediction. We proposed a framework for building a classifier that takes care of malware detection. The proposed approach is based on the permissions of Android mobile apps. We proposed an algorithm known as Permission Significance-based Pruning for Android Malware Detection (PSP-AMD) that identifies significance of permissions based on the given dataset and perform pruning and ranking in order to build a final model that can be used to detect Android malware. Experiments are made with malware dataset collected from VirusTotal. We built a prototype application to demonstrate proof of the concept. The empirical results revealed that the proposed solution is effective in detection of Android malware. In future we investigate further in the permission pruning and ranking to optimize our solution. We also find it interested to work with other datasets to generalize our findings.