Leveraging ontologies and machine-learning techniques for malware analysis into Android permissions ecosystems

Bibliographic Details
Published in: Computers & Security, Vol. 78, pp. 429-453
Main Authors: Navarro, Luiz C.; Navarro, Alexandre K.W.; Grégio, André; Rocha, Anderson; Dahab, Ricardo
Format: Journal Article
Language: English
Published: Amsterdam, Elsevier Ltd (Elsevier Sequoia S.A.), 01.09.2018

Summary: Smartphones form a complex application ecosystem with a myriad of components, properties, and interfaces that produce an intricate relationship network. Given the intrinsic complexity of this system, we hereby propose two main contributions. First, we devise a methodology to systematically determine and analyze the complex relationship network among components, properties, and interfaces associated with the permission mechanism in Android ecosystems. Second, we investigate whether it is possible to identify characteristics shared by malware samples at this high level of abstraction that could be leveraged to unveil their presence. We propose an ontology-based framework to model the relationships between application and system elements, together with a machine-learning approach to analyze the complex network that arises therefrom. We represent the ontological model for the considered Android ecosystem with 4570 apps through a graph with some 55,000 nodes and 120,000 edges. Experiments have shown that a classifier operating on top of this complex representation can achieve an accuracy of 88% and precision of 91% and is capable of identifying and determining 24 features that correspond to 70 important graph nodes related to malware activity, which is a remarkable feat for security.
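The abstract describes the idea at a high level: model apps, permissions and system elements as a typed relationship graph, then learn which graph nodes separate malware from benign apps. The following is an added illustration of that idea, not code from the paper or its authors. It assumes a deliberately small ontology (app requests permission, permission belongs to a permission group, permission has a protection level), a constructed set of seven labelled apps with invented labels, and a simple node-importance score (malware request rate minus benign request rate) in place of the paper's actual feature selection and classifier. The permission and group names follow Android's conventions but the table is only a subset.

```python
"""Toy ontology-style graph of an Android permission ecosystem, with a
node-importance ranking and a scoring classifier built on top of it.
Added illustration; the ontology, labels and scoring rule are assumptions."""
from collections import defaultdict

# Constructed sample: app -> (requested permissions, label).
# The apps and their labels are invented for this illustration.
APPS = {
    "com.example.notes":   ({"INTERNET", "READ_EXTERNAL_STORAGE"}, "benign"),
    "com.example.weather": ({"INTERNET", "ACCESS_FINE_LOCATION"}, "benign"),
    "com.example.chat":    ({"INTERNET", "READ_CONTACTS", "CAMERA"}, "benign"),
    "com.example.flash":   ({"INTERNET"}, "benign"),
    "com.evil.smsfraud":   ({"INTERNET", "SEND_SMS", "RECEIVE_SMS",
                             "READ_PHONE_STATE"}, "malware"),
    "com.evil.spy":        ({"INTERNET", "READ_CONTACTS", "READ_SMS",
                             "RECEIVE_BOOT_COMPLETED", "READ_PHONE_STATE"}, "malware"),
    "com.evil.dialer":     ({"SEND_SMS", "READ_PHONE_STATE",
                             "RECEIVE_BOOT_COMPLETED"}, "malware"),
}

# Simplified ontology: permission -> (permission group, protection level).
# A subset of Android's permissions; group assignment is simplified.
PERMISSION_ONTOLOGY = {
    "INTERNET": ("NETWORK", "normal"),
    "READ_EXTERNAL_STORAGE": ("STORAGE", "dangerous"),
    "ACCESS_FINE_LOCATION": ("LOCATION", "dangerous"),
    "READ_CONTACTS": ("CONTACTS", "dangerous"),
    "CAMERA": ("CAMERA", "dangerous"),
    "SEND_SMS": ("SMS", "dangerous"),
    "RECEIVE_SMS": ("SMS", "dangerous"),
    "READ_SMS": ("SMS", "dangerous"),
    "READ_PHONE_STATE": ("PHONE", "dangerous"),
    "RECEIVE_BOOT_COMPLETED": ("SYSTEM", "normal"),
}


def build_graph(apps, ontology):
    """Return (nodes, edges). Nodes are typed tuples ('app'|'perm'|'group'|'level', name);
    edges are (src, relation, dst) triples, i.e. ontology-style statements."""
    nodes, edges = set(), set()
    for app, (perms, _label) in apps.items():
        nodes.add(("app", app))
        for p in perms:
            group, level = ontology[p]
            nodes |= {("perm", p), ("group", group), ("level", level)}
            edges.add((("app", app), "requests", ("perm", p)))
            edges.add((("perm", p), "belongs_to", ("group", group)))
            edges.add((("perm", p), "has_level", ("level", level)))
    return nodes, edges


def app_neighborhood(app, edges):
    """Non-app nodes reachable from an app within two hops: the permissions it
    requests plus their groups and protection levels."""
    perms = {dst for src, rel, dst in edges if src == ("app", app) and rel == "requests"}
    hop2 = {dst for src, _rel, dst in edges if src in perms}
    return perms | hop2


def node_importance(apps, edges):
    """Score each non-app node as (fraction of malware apps reaching it) minus
    (fraction of benign apps reaching it): +1 means only malware touch it,
    -1 means only benign apps do. This is a stand-in for real feature selection."""
    counts = {"malware": defaultdict(int), "benign": defaultdict(int)}
    totals = defaultdict(int)
    for app, (_perms, label) in apps.items():
        totals[label] += 1
        for node in app_neighborhood(app, edges):
            counts[label][node] += 1
    nodes = set(counts["malware"]) | set(counts["benign"])
    return {n: counts["malware"][n] / totals["malware"]
               - counts["benign"][n] / totals["benign"] for n in nodes}


def top_nodes(importance, k):
    """The k most malware-associated graph nodes (ties broken by node name)."""
    return [n for n, _s in sorted(importance.items(), key=lambda kv: (-kv[1], kv[0]))[:k]]


def classify(perms, ontology, importance):
    """Score an unseen app by summing the importance of every node its
    permissions reach (each node counted once); positive means it resembles
    the malware set more than the benign set."""
    reached = set()
    for p in perms:
        if p not in ontology:
            continue  # unknown permission: contributes no evidence either way
        group, level = ontology[p]
        reached |= {("perm", p), ("group", group), ("level", level)}
    score = sum(importance.get(n, 0.0) for n in reached)
    return ("malware" if score > 0 else "benign", score)


if __name__ == "__main__":
    nodes, edges = build_graph(APPS, PERMISSION_ONTOLOGY)
    importance = node_importance(APPS, edges)
    print(len(nodes), "nodes,", len(edges), "edges")
    print("most malware-associated nodes:", top_nodes(importance, 3))
    print(classify({"INTERNET", "SEND_SMS", "READ_PHONE_STATE"}, PERMISSION_ONTOLOGY, importance))
```

The ranking step is where the graph view pays off: because groups and protection levels are nodes in their own right, a group such as SMS can surface as important even when no single SMS permission is requested by every malware sample, which is the kind of higher-level characteristic the abstract refers to. On real data the scoring rule would be replaced by a proper feature-selection step and a trained classifier evaluated on held-out apps; the sample here is far too small for any accuracy figure to mean anything.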
ISSN: 0167-4048, 1872-6208
DOI: 10.1016/j.cose.2018.07.013