Research on Android Malware Detection Based on Bayesian Network

DOI: 10.23977/ICCIA2020006

Author(s)

Jiali Zhang, Chengxun Chen

Corresponding Author

Jiali Zhang

ABSTRACT

Objective: With the rapid growth in the number of Android apps and the open-source nature of the Android system, malicious code is easily embedded in Android apps, posing a serious threat to users. However, most detection methods based on app permission features neglect the correlation among permissions, resulting in poor practicability and a high false alarm rate. This paper therefore proposes a malware detection method based on a Bayesian network.

Method: The permission data of a range of Android apps were analyzed to determine the Bayesian network structure and parameter distribution on the basis of expert knowledge. An open-source Android app data set was used to verify the model, and multiple detection algorithms were compared across multiple indicators, so as to discover the most likely features of the malware based on the network structure.

Results: In terms of accuracy, precision, recall, and F1 value, the indicators of this method are higher than those of the logistic regression and random forest methods. The location where the malicious code is most likely embedded can be inferred by backward reasoning with this method.

Conclusion: The method is accurate and feasible; for known malware it can locate the permission that ultimately generates the malicious behavior, providing a basis for locating the malicious code.

KEYWORDS

Bayesian network; Android malwares; app security detection; app permission; forward analysis; backward reasoning
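
The forward analysis and backward reasoning named in the abstract, shown as an added Python example that is not the authors' model or code. The three-permission network, its edges and every probability are constructed for illustration, and ranking permissions by posterior-to-prior ratio is an assumption.

```python
from itertools import product

# Constructed toy network (edges and probabilities are assumptions, not the paper's):
#   READ_SMS -> SEND_SMS      (correlated permissions)
#   SEND_SMS, INTERNET -> MALWARE
NODES = ["READ_SMS", "SEND_SMS", "INTERNET", "MALWARE"]
PARENTS = {"READ_SMS": [], "SEND_SMS": ["READ_SMS"], "INTERNET": [],
           "MALWARE": ["SEND_SMS", "INTERNET"]}
# CPT[node][parent values] = P(node = 1 | parents)
CPT = {
    "READ_SMS": {(): 0.20},
    "SEND_SMS": {(0,): 0.05, (1,): 0.60},
    "INTERNET": {(): 0.90},
    "MALWARE": {(0, 0): 0.01, (0, 1): 0.05, (1, 0): 0.30, (1, 1): 0.80},
}

def joint(assign):
    """Probability of one full assignment: product of each node's CPT entry."""
    p = 1.0
    for node in NODES:
        p1 = CPT[node][tuple(assign[q] for q in PARENTS[node])]
        p *= p1 if assign[node] else 1.0 - p1
    return p

def query(target, evidence):
    """P(target = 1 | evidence) by exact enumeration over unobserved nodes."""
    hidden = [n for n in NODES if n not in evidence]
    num = den = 0.0
    for values in product((0, 1), repeat=len(hidden)):
        assign = {**evidence, **dict(zip(hidden, values))}
        p = joint(assign)
        den += p
        if assign[target] == 1:
            num += p
    return num / den

def backward_ranking():
    """Rank permissions by how much MALWARE=1 raises their probability."""
    rows = []
    for perm in NODES[:-1]:
        prior, post = query(perm, {}), query(perm, {"MALWARE": 1})
        rows.append((perm, post, post / prior))
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    # Forward: READ_SMS is not a parent of MALWARE, yet it shifts the verdict.
    print(query("MALWARE", {"READ_SMS": 1, "INTERNET": 1}))
    print(query("MALWARE", {"READ_SMS": 0, "INTERNET": 1}))
    for perm, post, lift in backward_ranking():
        print(f"{perm:9s} P(perm|malware)={post:.3f} lift={lift:.2f}")
```

A model that treats permissions as independent would ignore READ_SMS here; in the network it changes the malware probability through its correlation with SEND_SMS.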

All published work is licensed under a Creative Commons Attribution 4.0 International License.