Skip to main content
Log in

Android malware detection method based on naive Bayes and permission correlation algorithm

  • Published:
Cluster Computing Aims and scope Submit manuscript

Abstract

In order to detect Android malware more effectively, an Android malware detection model was proposed based on improved naive Bayes classification. Firstly, considering the unknown permission that may be malicious in detection samples, and in order to improve the Android detection rate, the algorithm of malware detection is proposed based on improved naive Bayes. Considering the limited training samples, limited permissions, and the new malicious permissions in the test samples, we used the impact of the new malware permissions and training permissions as the weight. The weighted naive Bayesian algorithm improves the Android malware detection efficiency. Secondly, taking into account the detection model, we proposed a detection model of permissions and information theory based on the improved naive Bayes algorithm. We analyzed the correlation of the permission. By calculating the Pearson correlation coefficient, we determined the value of Pearson correlation coefficient r, and delete the permissions whose value r is less than the threshold \(\rho \) and get the new permission set. So, we got the improved detection model by clustering based on information theory. Finally, we detected the 1725 Android malware and 945 non malicious application of multiple data sets in the same simulation environment. The detection rate of the improved the naive Bayes algorithm is 86.54%, and the detection rate of the non-malicious application is increased to 97.59%. Based on the improved naive Bayes algorithm, the false detection rate of the improved detection model is reduced by 8.25%.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

References

  1. Shabtai, A., Elovici, Y.: Applying behavioral Ddetection on Android-based devices. In: Mobile Wireless Middleware, Operating Systems, and Applications. Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, pp. 235–249. Springer, Heidelberg (2010)

  2. Appbrain: Number of Android applications. http://www.appbrain.com/stats/num-ber-of-android-apps (2013)

  3. Wen, W.P., Mei, R., Ning, G., et al.: Malware detection technology analysis and applied research of android platform. J. Commun. 35(8), 79–94 (2014)

    Google Scholar 

  4. Zhang, Yuqing, Fang, Zhejun, Wang, Kai, et al.: Survey of Android vulnerability detection. J. Compu. Res. Dev. 52(10), 2167–2177 (2015)

    Google Scholar 

  5. Li, Ting, Dong, Hang, Wang, Chunyang, et al.: Description of Android malware feature based on Dalvik instructions. J. Compu. Res. Dev. 51(7), 1458–1466 (2014)

    Google Scholar 

  6. Jiao, Sibei, Ying, Lingyun, Yang, Zhi, et al.: An anti-obfuscation method for detecting similarity among Android applications in large scale. J. Compu. Res. Dev. 51(7), 1446–1457 (2014)

    Google Scholar 

  7. Cen, L., Gates, C.S., Si, L.: A probabilistic discriminative model for Android malware detection with decomplied source code. In: Proceedings of IEEE Transaction on Dependable and Secure Computing, pp. 400–412. (2015)

  8. Yuan, Z., Lu, Y., Xue, Y.: DroidDetector: Android malware characterization and detection using deep learning. Tsinghua Sci. Technol. 21, 114–123 (2016)

    Article  Google Scholar 

  9. Liang, S., Du, X.: Permission-combination-based scheme for Android mobile malware detection. In: IEEE ICC 2014-Mobile and Wireless and Wireless Networking Symposium, pp. 2301–2306. IEEE (2014)

  10. Xiangyu, JU.: Android malware detection though permission and package. In: Proceedings of the 2014 International Conference on Wavelet Analysis and Pattern Recognition, pp. 61–65. Lanzhou (2014)

  11. Luo, Yang, Zhang, Qixun, et al.: Android multi-level system permission management approach. J. Softw. 26(2), 263–271 (2015)

    Google Scholar 

  12. Wang, H.Y., Wang, Z.Y., Guo, Y., et al.: Detecting repackaged Android applications based on code clone detection technique. SCI. SIN. Inf. 44(1), 142–157 (2014). (in Chinese with English abstract)

    Google Scholar 

  13. Sarwar, G., Mehani, O., Boreli, R., et al.: On the effectiveness of dynamic taint analysis for protecting against private information leaks on Android-based devices. In: Proceedings of the 10th International Conference on Security and Cryptography, pp. 461–468. Springer-Verlag, Heidelberg (2013)

  14. Xu, Y., Wu, C., Hou, M., et al.: Android malware detection technology based on improved naïve Bayesian. J. Beijing Univ. Posts Telecommun. (2016). doi:10.13190/j.jbupt.2016.02.009

  15. Liu, X., Liu, J.: A two-layered permission-based Android malware detection scheme. In: Proceedings of 2014 2nd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud), pp. 142–148. IEEE (2014)

  16. Glodek, W., Harang. R.: Rapid permissions-based detection and analysis of mobile malware using random decision forests. In: Proceedings of Military Communications Conference, MILCOM 2013–2013, pp. 980–985. IEEE (2013)

  17. Alberge, Florence: On some properties of the mutual information between extrinsics with application to iterative decoding. IEEE Trans. Commun. 63(5), 1541–1553 (2015)

    Article  Google Scholar 

  18. Chan, P.P., Song, W.: Static detection of Android malware by using permission and API calls[. In: Proceedings of the 2014 International Conference, pp. 82–87. IEEE (2014)

  19. Liang, S., Du, X.: Permission-combination-based scheme for Android mobile malware detection. In: Proceedings of the IEEE ICC 2014–Mobile and Wireless Networking Symposium, pp. 2301–2306. IEEE (2014)

  20. Yang, Huan, Zhang, Yuqing, Yupu, Hu, et al.: Android malware detection method based on permission sequential pattern mining algorithm. J. Commun. 34(Z1), 106–115 (2013)

    Google Scholar 

Download references

Acknowledgements

The author would like to thank the Chongqing Basic and Frontier Research Project under Grant NO. cstc2016jcyjA0590. The work is partly funded by the National Nature Science Foundation of China (No. 61672004).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Fengjun Shang.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Shang, F., Li, Y., Deng, X. et al. Android malware detection method based on naive Bayes and permission correlation algorithm. Cluster Comput 21, 955–966 (2018). https://doi.org/10.1007/s10586-017-0981-6

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-017-0981-6

Keywords

Navigation