MULTIPLE ANDROID PACKAGE FILES EXTRACTOR IN MINING REQUEST PERMISSIONS AND API CALLS

A. Aminordin, M.A. Faizal, Y. Robiah, A. Mukhlis, F. Arif

Abstract


Android smartphone has the highest demand in the world due to the ability of the devices and the open source software concept. Numbers of Android applications are increasing as to fulfill users and businesses’ needs. Not only Android gains huge business return but its applications has also become the target of attackers. One of the approaches to investigate and detect malware is through a reverse engineering technique where the profile parameters are extracted. The process of reversing Android execute file (.apk) individually takes a long time. Other than having used several tools, the approach leaves open the possibility of misconduct during the mining of necessary source codes. Therefore, an Android permissions and Application Programming Interface (API) calls extractor tool were developed for Android mobile devices apps. This tool had the capability to record all request permissions and required API calls inside the AndroidManifest.xml and classes.dex made to App executable file. In addition, the automatic feature of the tool allowed for the recording of the permission and API calls more than one Android Package Kit (APK) files at a time. MAPE (Multiple Android Package Extractor) was developed using Node.js. Currently, researchers either disclose mining techniques or use existing tools manually. MAPE used a sequential search in Depth First Search (DFS) technique to accomplish the operation. This tool can shorten the researchers’ processing time on retrieving request permissions and targeting API calls. The output produced by MAPE can be used for several purposes such as Apps categorization and malware detection.

Full Text:

PDF

References


A. Sharma and S. K. Dash, “Mining API Calls and Permissions for Android Malware Detection,” in International Conference on Cryptology and Network Security, Crete, Greece, 2014, pp. 191–205.

D. Uppal, V. Mehra and V. Verma, “Basic survey on Malware Analysis, Tools and Techniques”, International Journal on Computational Science & Applications, vol. 4, no. 1, pp. 103–112, 2014.

R. Raveendranath, V. Rajamani, A. J. Babu and S. K. Datta, “Android malware attacks and countermeasures: Current and future directions,” in International Conference on Control, Instrumentation, Commumincation and Computational Technology, Kanyakumari, India, 2014, pp. 137–143.

W. Zhou, Y. Zhou, X. Jiang and P. Ning, “Detecting repackaged smartphone applications in third-party android marketplaces,” in Second ACM conference on Data and Application Security and Privacy, Texas, USA, 2012 pp. 317-326, 2012.

M. Spreitzenbarth, T. Schreck, F. Echtler, D. Arp and J. Hoffmann, “Mobile-Sandbox: combining static and dynamic analysis with machine-learning techniques”, International Journal of Information Security, vol. 14, no. 2, pp. 141–153, 2015.

A. Feizollah, N. B. Anuar, R. Salleh and A. W. A. Wahab, “A review on feature selection in mobile malware detection”, Digital Investigation, vol. 13, pp. 22–37, 2015.

Z. Fang, W. Han and Y. Li, “Permission based Android security: Issues and countermeasures”, Computer Security, vol. 43, pp. 205–218, 2014.

S. Feldman, D. Stadther and B. Wang, “Manilyzer: Automated Android malware detection through manifest analysis,” in International Conference on Mobile Ad Hoc and Sensor Systems, Philadelphia, USA, 2015, pp. 767–772.

T. Kanda, Y. Manabe, T. Ishio, M. Matsushita and K. Inoue, “Semi-automatically extracting features from source code of android applications”, Transactions on Information and Systems, vol. E96–D, no. 12, pp. 2857–2859, 2013.

M. Frank, B. Dong, A. P. Felt and D. Song, “Mining Permission Request Patterns for Malicious Android Applications,” in International Conference on Data Mining, Brussels, Belgium, 2012, pp. 870–875.

K. Wain, Y. Au, Y. F. Zhou, Z. Huang and D. Lie, “PScout : Analyzing the Android Permission Specification,” in 2012 ACM conference on Computer and communications security, North Carolina, USA, 2012, pp. 217–228.

M. Linares-Vasquez, C. McMillan, D. Poshyvanyk and M. Grechanik, “On using machine learning to automatically classify software applications into domain categories”, Empirical Software Engineering, vol. 19, no. 3, pp. 582–618, 2014.

B. Olabenjo. (2016). Applying Naive Bayes Classification to Google Play Apps Categorization [Online].

Available: https://arxiv.org/pdf/1608.08574.pdf

S. M. A. Ghani, M. F. Abdollah, R. Yusof and M. Zaki, “Recognizing API Features for Malware Detection Using Static Analysis”, Journal of Wireless Networking and Communications, vol. 5, no. 2A, pp. 6–12, 2015.

P. Pearce, A. P. Felt, G. Nunez and D. Wagner, “AdDroid: Privilege separation for applications and advertisers in android,” in 7th ACM Symposium on Information, Computer and Communications Security, Seoul, Korea, 2012, pp. 71–72.

Y. Zhongyang, Z. Xin, B. Mao and L. Xie, “DroidAlarm: An all-sided static analysis tool for Android privilege-escalation malware,” in 8th Symposium on Information, Computer and Communications Security, Hangzhou, China, 2013, pp. 353–358.

P. P. K. Chan and W. K. Song, “Static detection of Android malware by using permissions and API calls,” in International Conference on Machine Learning and Cybernetics, Lanzhou, 2014, pp. 82–87.

N. Peiravian and X. Zhu, “Machine learning for Android malware detection using permission and API calls,” in IEEE 25th International Conference on Tools with Artificial Intelligence, Herndon, USA, 2013, pp. 300–305.

Q. Qian, J. Cai and R. Zhang, “Android Malicious Behavior Detection Based on Sensitive API Monitoring,” in Advanced Science and Technology Letter, Jeju Island, Korea, 2013, pp. 54–57.

H. Zeng, Y. A. N. Ren, Q. Wang, N. He and X. Ding, “Detecting Malware and Evaluating Risk of App Using Android Permission-Api System,” in 11th International Computer Conference on Wavelet Active Media Technology and Information Processing, Chengdu, China, 2014, pp. 440–443.

X. Wang, J. Wang and Z. Xiaolan, “A Static Android Malwar Detection Based on Actual Used Permissions Combination and API Calls”, International Journal of Computer, Electrical, Automation, Control and Information Engineering, vol. 10, no. 9, pp. 1486–1493, 2016.

H. Zhong, T. Xie, L. Zhang, J. Pei and H. Mei, “MAPO: Mining and Recommending API Usage Patterns,” in Genoa Proceedings of the 23rd European Conference, Genoa, Italy, 2009, pp. 318–343.

D. J. Wu, C. H. Mao, T. E. Wei, H. M. Lee and K. P. Wu, “DroidMat: Android malware detection through manifest and API calls tracing,” in 7th Asia Joint Conference on Information Security, Tokyo, Japan, 2012, pp. 62–69.

K. Iwamoto and K. Wasaki, “Malware classification based on extracted API sequences using static analysis,” in Asian Internet Engineeering Conference, Bangkok, Thailand, 2012 , pp. 31–38.

M. Zhao, T. Zhang, J. Wang and Z. Yuan, “A smartphone malware detection framework based on artificial immunology”, Journal of Networks, vol. 8, no. 2, pp. 469–476, 2013.

Y. Xiaohui, S. Yubo and C. Fei, “Android S Sensitive Data Leakage Detection Based on Api Monitoring,” in Fifth International Conference on Multimedia Information Networking and Security, Beijing, China, 2013, pp. 907–910.

U. Pehlivan, N. Baltaci, C. Acarturk and N. Baykal, “The Analysis of Feature Selection Methods and Classification Algorithms in Permission Based Android Malware Detection,” in IEEE Symposium on Computational Intelligence in Cyber Security, Florida, USA, 2014, pp. 1–8.

V. Grampurohit and V. Kumar, “Category Based Malware Detection for Android,” in Security in Computing and Communications, Delhi, India , 2014, pp. 239–249.

J. Jeon, K.K Micinski, J.A Vaughan, A. Fogel, N. Reddy, J.S Foster, T. Millstein “Dr. Android and Mr. Hide: fine-grained permissions in android applications,” in Second ACM workshop on Security and Privacy in Smartphones and Mobile Devices, Raleigh, USA, 2012, pp. 3–14.

D. Upadhyay, M. Munghate, S. Dharbey, and A. Bondre, “Detecting Malicious Behavior of Android Applications”, International Journal of Science Technology & Engineering, vol. 2, no. 10, pp. 663–668, 2016.

P. Rovelli and Y. Vigfusson, “PMDS : Permission-based Malware Detection System,” in 10th International Conference on Information Systems Security, Hyderabad, India, 2014, pp. 338–357.

J. H. Reif, “DFS is Inherently Sequential”, Information Processing Letter, vol. 20, no. 5, pp. 229–234, 1985.

D. E. Knuth, “Sorting and Searching: The Art of Computer Programming. Reading, MA: Addison-Wesley Professional, 1998.




© Journal of Advanced Manufacturing Technology