AppPerm Analyzer: Malware Detection System Based on Android Permissions and Permission Groups

Besides the applications aimed at increasing the efficiency of the Android mobile devices, also many malicious applications, millions of Android malware according to various security company reports, are being developed and uploaded into the application stores. In order to detect those applications, a malicious Android application detection system based on permission and permission groups namely, AppPerm Analyzer has been developed. The AppPerm Analyzer software extracts the manifest and code permissions of analyzed applications, creates duple and triple permission groups from them, calculates risk scores of these permissions and permission groups according to their usage rates in malicious and benign applications and calculates the total risk score of the analyzed application. After training the software with 7776 applications in total, it is tested with 1664 benign and 1664 malicious applications. In the tests, AppPerm Analyzer detected malicious applications with an accuracy of 96.19% at most. At this point, sensitivity (true-positive ratio) is 95.50% and specificity (true-negative ratio) is 96.88%. If a false-positive ratio up to 10% is accepted, the sensitivity increases to 99.04%.