SMARTPHONE MALWARE DETECTION USING PERMISSIONS AND MCNEMAR TEST

Abstract

A recent report has shown that the availability of smartphones is increasing at an alarm ing rate and hence the number of mobile malware is exponentially increasing with the increase in popularity of smartphones. From young children to senior citizens everybody uses smartphones as a daily necessity. In 2022, 142.6 billion games and apps were down loaded, which works out to 1.6 million apps downloaded every hour.In 2022, iOS had 32.6 billion downloads, while Google Play had 110.1 billion, which is more than thrice the downloads of iOS. Looking at the level of threat from malware applications for An droid users, it becomes essential to detect malware applications in a quick and effective way. One such way is to use permissions. To make an effective system for malware de tection using permissions we need a large dataset and different permissions to analyze the pattern. We can use different machine learning techniques to find the pattern using dataset and permissions, but if we increase the number of permissions and dataset. With a large number of permissions for analysis, the time of computation increases drastically. The time of computation can be reduced if we reduce the number of datasets or the number of permissions. Reducing the number of features is preferred over decreasing the number of datasets. We can reduce the number of permissions if we only choose the permissions that are most distinguishing and ignore the permissions that don’t play a huge role in distinguishing between malware and benign applications. If a permission only exists in malware applications and not in benign applications then such permissions are recognised as distinguishing, but as the malware applications are getting more incognito, the over lapping of the permissions used by both malware and benign application is increasing. Thus we require a method to rank the permissions based on how well that permission can be used to detect the nature of the application. In this thesis, we introduce a statistical technique named McNemar test to find the correlation of a set of permissions with mal ware and benign applications and rank the permissions. The correlation gives a numerical value for the overlapping of each permission in malware and benign applications. The greater the correlation value lesser will be its usefulness in distinguishing the nature of the application. Such ranking helps us eliminate irrelevant permissions. This ranking can be further used for detection using various machine-learning algorithms. As a result, we narrowed down the total set of permissions from 129 to 38 and got 97% detection accuracy with the Random Forest classifier.