2020 International Conference on Emerging Trends in Information Technology and Engineering (ic-ETITE)

Android Malware Detection Using Machine

Learning
2020 International Conference on Emerging Trends in Information Technology and Engineering (ic-ETITE) 978-1-7281-4142-8/20/$31.00 ©2020 IEEE 10.1109/ic-ETITE47903.2020.491

Rishab Agrawal Vishal Shah Sonam Chavan

Department of Information Department of Information Department of Information
Technology, Technology, Technology,
A.P. Shah Institute of Technology, A.P. Shah Institute of Technology, A.P. Shah Institute of Technology,
Thane(M.H), India 400615 Thane(M.H), India 400615 Thane(M.H), India 400615
Email:agrawalrishab210@gmail.com Email: vishalshah571@gmail.com Email: sonamchavan48@gmail.com

Prof. Ganesh Gourshete Prof. Nahid Shaikh

Department of Information Technology, Department of Information Technology,
A.P. Shah Institute of Technology, A.P. Shah Institute of Technology,
Thane(M.H), India 400615 Thane(M.H), India 400615
Email: gdgourshete@apsit.edu.in Email: nashaikh@apsit.edu.in

Abstract— Malware is one of the major issues regarding the Some recent survey has shown that there are about 2.1 million
operating system or in the software world. The android system is also android applications are there in the market. Due to increase
going through the same problems. We have seen other Signature- in usage of the android system has led to more rollout of
based malware detection techniques were used to detect malware. android malware. This malware is spreading in the market by
But the techniques were not able to detect unknown malware. the third parties developing applications. The Google android
Despite numerous detection and analysis techniques are there, the
detection accuracy of new malware is still a crucial issue. In this
market also doesn’t promise to guarantee that all the
paper, we study and highlight the existing detection and analysis applications listed are threat free. There are also such reports
methods used for the android malicious code. Along with studying, about Trojans applications that if downloaded, their malicious
we propose Machine learning algorithms that will be used to analyze code is also installed and cannot be easily detected by
such malware and also we will be doing semantic analysis. We will be Google’s technologies during publication in the Google
having a data set of permissions for malicious applications. Which android market. The android threats include banking Trojans,
will be compared with the permissions extracted from the application spyware, bots, root exploits, SMS fraud, phishing & fake
which we want to analyze. In the end, the user will be able to see how installer.
much malicious permission is there in the application and also we
analyze the application through comments.

II. OBJECTIVES

To to provide security to the android user from the various

I. INTRODUCTION malwares by analyzing the permissions given to that particular
application
Malware is nothing but the short name for malicious software, to analyze the android application comments by semantic
in general, referred to many forms of hostile or intrusion analyzing technique
creating software, spyware, Trojan horses, backdoor, and
rootkits. The main aim of malware is to damage, steal, disrupt to give interactive user interface to the user to detect the
or do some bad actions. Malware is powerful enough to infect malicious percentage of the application.
any kind of computing machine running application, and the
prevention of malware is being well studied for personal
computers (PC). A Smartphone device the detection
techniques used is lagging far behind as compared to the fast III. VARIOUS TECHNIQUES TO INSERT MALWARE
growth of the mobile population is being

978-1-7281-4141-1/$31.00 ©2020 IEEE

978-1-7281-4142-8/$31.00 ©2020 IEEE 1

Authorized licensed use limited to: Indian Institute Of Technology (Banaras Hindu University) Varanasi. Downloaded on March 24,2024 at 10:04:24 UTC from IEEE Xplore. Restrictions apply.
 2020 International Conference on Emerging Trends in Information Technology and Engineering (ic-ETITE)

There are various ways and methods through malware or any the machine learning techniques to check whether it is a
malicious file can enter your system or application. Some of the malware or normal application. For validating their system they
common techniques of malware getting intruded into the system have collected 3258 samples of android apps and those have to
are as follows: - be extracted for every application, extract their features and
A. Penetration: have to train the models going to be evaluated with the help of
classification accuracy and time taken for the model.
Penetration techniques commonly used for malware
applications for installation activation & running on the android In literature[3], the paper was published in the year 2016. They
system are repackaging, updating and downloading. have proposed a Robotium program in an Android sandbox that
can trigger any android application automatically and monitor
B. Repackaging: its behavior. The program has a UI Identification automatic
trigger program that can click the mobile applications in a
It is among the common techniques for malware developers to meaningful order. The program was able to perform larger-
install malicious applications on an android scale experiments. They also tried to build a decision model
platform.Repackaging approach for popular applications and using behavior that has collected with the help of the random
misuse them as malware. The developer downloads such types forest algorithm. It has been able to determine whether the
of application and recodes them and adds their own malicious unknown application is malware and also shows its confidence
code and uploads that application to the official Android app value. They could store the result and also the confidence value
store or on the different markets. of the unknown apk file in their database.

C. Updating: In literature[4], the paper was published in the year 2018. They
have proposed the android malware detection system with the
This technique is much more difficult for detecting help of permissions, APIs, and also with the presence of
malware.The malware developer may still use repackaging but different key apps information such as, the dynamic code,
instead of encoding inflict code to the application the developer Reaction code, native code, cryptographic code, database, etc.
may include an update component that will able to download as the feature to train and build classification model just by
malicious code at the run time. using various machine learning techniques which can
automatically distinguish malicious Android apps(Malware)
D. Downloading: from the legitimate ones.

This is the most traditional attacking technique. The malware

developer needs to attract the user to download interesting and
attractive applications V. EXISTING SYSTEM

In the existing system, the application permissions are extracted

to detect the malware and executed through the command
IV. LITERATURE REVIEW prompt. A proper GUI was not provided to execute the tasks.
All the commands were run through the command prompt. It
In literature[1], the paper was published in the year 2018. They was difficult for the non-technical user to use the system. And
have performed the malware detection with the help of 300 also Semantic analysis was not implemented.
malware files and 300 benign apk files, also they managed to
generate only 183 malware and 300 benign gray-scale images.
The other 117 malware samples were unable to generate into
images because the apk files were corrupted or either that files VI. PROPOSED SYSTEM
did not contain classes.dex file. Also, the accuracy was much
less in all the algorithms they used. They have detected with the In the proposed system, we are doing the permission-based
help of three different classifier techniques namely the k- analysis and also the semantic analysis. The permission-based
nearest neighbor(KNN), Random Forest (RF), and Decision analysis is been done on the web-based UI while the existing
Tree(DT). systems were just doing it all on the local machine in the
command prompt.
In literature[2], the paper was published in the year 2017. They
had used different machine learning algorithms such as Naive In our system, we have implemented an admin panel as well as
Bayes,j48, random forest, Multiclass classifier and multilayer a user panel. In the admin panel admin have the access to upload
perceptron to detect android malware and evaluate the the apk files and its details along with its categorization and also
performance of each algorithm. Here they implemented a the admin can upload the comment that can be used for
framework for classifying android applications with the help of semantic analysis.

978-1-7281-4141-1/$31.00 ©2020 IEEE

2

Authorized licensed use limited to: Indian Institute Of Technology (Banaras Hindu University) Varanasi. Downloaded on March 24,2024 at 10:04:24 UTC from IEEE Xplore. Restrictions apply.
 2020 International Conference on Emerging Trends in Information Technology and Engineering (ic-ETITE)

In the user-panel the user can see the select the category of the
application and can see its details like pricing description name.
User can see the malicious percentage of the application. And
the processed output of the semantic analysis will be displayed
to the user in the form of graph and the user will get a proper
review of the application.

Figure No 2.1- GUI of admin panel(Add Apk)

Fig No. 1.1 Block diagram of Admin panel

Figure No2.2-GUI of Admin Panel(Semantic analysis)

In the above figure 2.1 & 2.2, we have shown the GUI of our
admin panel. Here the admin will fill the details of the particular
application and upload the apk file along with its image. The
permissions will be extracted from this apk file and will be
stored in the database.

Figure No 1.2- Block diagram of User panel

Figure No 2.3- GUI of user panel

In the above figure 2.3, we have shown the GUI of the user
panel, where the user will be able to see the applications genre
wise and can explore various applications according to its
requirements. Once the user selects particular genre, the user
will get list of various applications under that genre and once
the user clicks on particular application, the comments along
with semantic analysis result will we available to the user.

978-1-7281-4141-1/$31.00 ©2020 IEEE

3

Authorized licensed use limited to: Indian Institute Of Technology (Banaras Hindu University) Varanasi. Downloaded on March 24,2024 at 10:04:24 UTC from IEEE Xplore. Restrictions apply.
 2020 International Conference on Emerging Trends in Information Technology and Engineering (ic-ETITE)

VII. RESULTS

The Malware Detection can detect many different permissions

based on the which it has been asked and also which of the
permissions which it has been taken by default. Also, the
semantic analysis is been used to get the proper comments
resultant it in to get if the application is been proper or not. The
permission-based analysis and also the semantic analysis gives
the proper output so that the user can use those particular apps
or not.

VIII. CONCLUSION AND FUTURE WORKS

In our work, we propose a system for permission analysis and

semantic analysis. Our system is also used to detect malware
permissions based on an application by comparing it with a
dataset. This proposed system can be applied in the fields of the
security system and also for the n users like a malware detection
software. However, there are limitations in our system. The
permissions which we are defining are as per our but it can
differ from users to users. The permissions which the user likes
that it is not a malware-based can be malware for any other user.
Future works will contain the improvement of that.

IX. REFERENCES

[1] Darus,Fauzi Mohd,Salleh Noor Azurati Ahmad,and Aswami Fadillah Mohd

Ariffin.”Android Malware Detection Using Machine Learning on Image
Patterns”2018 Cyber Resilience Conference(CRC).IEEE,2018.

[2] Vrama,P.Ravi Kiran,Kotari Prudvi raj,and KV Subba Raju.”Android mobile

security by detecting and classification of malware based on permissions using
machine learning algorithms.”2017 InternationalConference on I-SMAC (IoT
in Social,Mobile,Analytics and Cloud)(I-SMAC).IEEE2017.

[3] Chang,Wei-Ling, Hung-Min Sun,and Wei Wu.”An Android Behaviour-

Based Malware Detection Method using Machine Learning.” 2016 IEEE
International Conference on Signal Processing, Communications and
Computing (ICSPCC).IEEE, 2016.

[4] Koli, J. D. “RanDroid: Android malware detection using random machine

learning classifiers.” 2018 Technologies for Smart-City Energy Security and
Power (ICSESP).IEEE,2018.

978-1-7281-4141-1/$31.00 ©2020 IEEE

4

Authorized licensed use limited to: Indian Institute Of Technology (Banaras Hindu University) Varanasi. Downloaded on March 24,2024 at 10:04:24 UTC from IEEE Xplore. Restrictions apply.