Android malware classification based on ANFIS with fuzzy c-means clustering using significant application permissions

Mobile phones have become an essential part of our lives because we depend on them to perform many tasks, and they contain personal and important information. The continuous growth in the number of Android mobile applications has resulted in an increase in the number of malware applications, which are real threats and can cause great losses. There is an urgent need for efficient and effective Android malware detection techniques. In this paper, we present an adaptive neuro-fuzzy inference system with fuzzy c-means clustering (FCM-ANFIS) for Android malware classification. The proposed approach utilizes the FCM clustering method to determine the optimum number of clusters and cluster centers, which improves the classification accuracy of the ANFIS. The most significant permissions used in Android applications, as selected by the information gain algorithm, are used as input to the proposed approach (FCM-ANFIS) to classify applications as either malware or benign. The experimental results show that the proposed approach (FCM-ANFIS) achieves the highest classification accuracy of 91%, with the lowest false positive and false negative rates of 0.5% and 0.4%, respectively.
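An added illustration (not the paper's code or data) of the two front-end steps the abstract describes: ranking permissions by information gain, then fuzzy c-means clustering on the selected ones. The permission names, the eight sample apps, the fixed cluster count of 2 and the starting centers are assumptions made for this example; the ANFIS training stage is not shown.

```python
import math

# Constructed sample (not the paper's dataset): 1 = permission requested.
PERMS = ["SEND_SMS", "RECEIVE_SMS", "INTERNET", "CAMERA"]
APPS = [  # (permission bits, label) with label 1 = malware, 0 = benign
    ([1, 1, 1, 0], 1), ([1, 1, 1, 1], 1), ([1, 0, 1, 0], 1), ([1, 1, 1, 0], 1),
    ([0, 0, 1, 1], 0), ([0, 0, 1, 0], 0), ([0, 0, 1, 1], 0), ([0, 0, 1, 0], 0),
]

def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    n = len(labels)
    return -sum((labels.count(c) / n) * math.log2(labels.count(c) / n)
                for c in set(labels)) if n else 0.0

def info_gain(col):
    """IG(label; permission) = H(label) - sum_v P(v) * H(label | permission = v)."""
    labels = [y for _, y in APPS]
    gain = entropy(labels)
    for v in (0, 1):
        subset = [y for x, y in APPS if x[col] == v]
        gain -= len(subset) / len(APPS) * entropy(subset)
    return gain

def select_permissions(k):
    """Indices of the k permissions with the highest information gain."""
    return sorted(range(len(PERMS)), key=info_gain, reverse=True)[:k]

def fcm(points, centers, m=2.0, iters=100):
    """Fuzzy c-means (Bezdek); the 1e-12 guards a point sitting exactly on a center."""
    for _ in range(iters):
        u = []
        for p in points:
            w = [(sum((a - b) ** 2 for a, b in zip(p, c)) + 1e-12) ** (-1 / (m - 1))
                 for c in centers]
            u.append([wi / sum(w) for wi in w])  # memberships of p sum to 1
        centers = [[sum(u[j][i] ** m * points[j][d] for j in range(len(points))) /
                    sum(u[j][i] ** m for j in range(len(points)))
                    for d in range(len(points[0]))] for i in range(len(centers))]
    return u, centers

def cluster_selected(k=2):
    """Cluster apps on the top-k permissions; centers start at the first and last app."""
    cols = select_permissions(k)
    pts = [[x[c] for c in cols] for x, _ in APPS]
    return fcm(pts, [pts[0][:], pts[-1][:]])

if __name__ == "__main__":
    print([PERMS[i] for i in select_permissions(2)], cluster_selected()[0][2])
```

In this constructed data, the third app requests SEND_SMS without RECEIVE_SMS, so its membership is split almost evenly between the two clusters rather than forced into one, which is the graded signal a fuzzy front end hands to the classifier.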

___

Turkish Journal of Electrical Engineering and Computer Sciences
  • ISSN: 1300-0632
  • Publication frequency: 6 issues per year
  • Publisher: TÜBİTAK