Android Malware Detection (AMD) Based on Shallow Feature and Permission Correlation
DOI: https://doi.org/10.34190/icair.5.1.4392
Keywords: Machine learning, Malware detection, Static analysis, Shallow features, Permission correlation
Abstract
There are apps for everything, from online banking and social software to shopping, and they have become one of the most important tools in our daily lives. As a result, a mobile device stores most of its owner's personal information, including photos, credit cards, and communications. If an intruder succeeds in hacking into the mobile device, all of that private data is exposed to the threat of leakage. Malware is undoubtedly the most common tool an attacker uses to compromise a mobile phone. In particular, it is often disguised as a popular application in obfuscated or packed form, which is the main reason it is difficult to distinguish malware from legitimate applications. In this article, we adopt machine learning techniques to develop a static analysis mechanism for Android malware detection based on shallow features and permission correlation (AMD). AMD first analyses the Application Programming Interfaces (APIs) of the target to detect all possible and hidden privilege threats. It then filters this obfuscation information using permission correlation to eliminate noise and identify meaningful malicious indicators. The proposed approach leverages the correlation patterns between permissions and API calls to distinguish suspicious behaviours from legitimate ones. Thus, AMD can extract all the representative shallow features to achieve a high detection rate. Simulation results have shown that AMD can outperform related works on the CICAndMal2017 and CICMalDroid2020 datasets, which confirms the effectiveness of shallow features and permission correlation.