International Journal of Computer Science Trends and Technology (IJCST) Volume 4 Issue 2 , Mar - Apr 2016

RESEARCH ARTICLE

OPEN ACCESS

Malware Detection in Android by Network Behaviour

Analysis
Prof. Shanmuga Priya M [1], Ms. Soundarya S [2], Ms. Aashika S [3]
Assistant Professor [1], UG Scholar [2] & [3]
Department of CSE
RVS Technical Campus-Coimbatore
Tamil Nadu -India

ABSTRACT
Android based Smartphone are now a days getting more popularity. W ith the use of Smartphone user must always
concern about the security breaching and malicious attacks. Here we introduce an approach for proactive malware
detection working by abstraction of program behaviors. Suspicious behaviors are detected by comparing t race
abstractions to reference malicious behaviors. The sen sitive power of concept allo ws us to grip co mmon
mistrustful behaviors rather than specific malware code and then, to distinguish malware transformat ion. We
present and discuss an imp lementation validating our approach. First have to analyze the programs or apps, then
represented them as trace languages, which are abstracted by altering with respect to elementary behavior
patterns, defined as regular string rephrasing systems. This paper rev iew the state of the art on threat s, vulnerabilities ,
We aimed at existing approaches to protecting mobile devices against these classes of attacks into different
categories, based upon the detection principles, arch itectures, collected data and operating systems, esp ecially
focusing on IDS-based models and tools.
Keywords : Android, Wi-Fi, Smart phone device, JSON parser, etc.

I.

INTRODUCTION

Computer security (A lso known as cyber security or IT

Security)
is informat ion
security as
applied
to computers and networks. The field covers all the
processes and mechanisms by which co mputer-based
equipment, informat ion and services are protected fro m
unintended or unauthorized access, change or destruction.
Co mputer security also includes protection fro m
unplanned events and natural disasters. Otherwise, in the
computer industry, the term security -- or the phrase
computer security -- refers to techniques for ensuring
that data stored in
a co mputer
cannot
be read or
compro mised by any individuals without authorizat ion .
Most computer security
measures involve data
encryption and passwords. Data encryption is the
translation of data into a form that is unintelligible
without a deciphering mechanism. A password is a secret
word or phrase that gives a user access to a
particular program or system.

ISSN: 2347-8578

Diagram clearly explain the about the secure computing

Working conditi ons and basic needs in the secure
computing:
If you don't take basic steps to protect your work
computer, you put it and all the informat ion on it at
risk. You can potentially co mpro mise the operation of
other computers on your organization's network, or even
the functioning of the network as a whole.
1.

Physical security:Technical measures like log in

passwords, anti-virus are essential. (More about
those below) Ho wever, a secure physical space is
the first and more important line of defense.Is the
place you keep your workplace co mputer secure
enough to prevent theft or access to it while you are
away? While the Security Depart ment provides
coverage across the Medical center, it only takes

www.ijcstjournal.org

Page 110

International Journal of Computer Science Trends and Technology (IJCST) Volume 4 Issue 2 , Mar - Apr 2016

2.

3.

4.

5.

6.

7.

seconds to steal a co mputer, part icularly a

portable device like a laptop or a PDA. A co mputer
should be secured like any other valuable possession
when you are not present. Hu man threats are not the
only concern. Co mputers can be compro mised by
environmental mishaps (e.g., water, coffee) or
physical trau ma. Make sure the physical location
of your computer takes account of those risks as
well.
Access passwords: The University's networks and
shared informat ion systems are protected in part
by login
credentials
(user-IDs
and
passwords). Access passwords are also an essential
protection
for personal computers in
most
circu mstances. Offices are usually open and shared
spaces, so physical access to computers cannot be
completely
controlled.
To
p rotect
your
computer, you should consider setting passwords for
particularly sensitive applications resident on the
computer (e.g., data analysis software), if the
software provides that capability.
Prying eye protection: Because we deal with all
facets of clinical, research, educational and
administrative data here on the medical campus, it is
important to do everything possible to minimize
exposure of data to unauthorized individuals.
Anti-virus
software:
Up-to-date,
properly
configured anti-virus software is essential. While
we have server-side anti-virus software on our
network co mputers, you still need it on the client side
(your computer).
Firewalls:Anti-virus products inspect files on your
computer and in email. Firewall software and
hardware monitor co mmunications between your
computer and the outside world. That is essential for
any networked computer.
Software updates:It is critical to keep software up to
date, especially the operating system, anti-v irus and
anti-spyware, email and browser software. The
newest versions will contain fixes for d iscovered
vulnerabilities.Almost all anti-v irus have automatic
update features (including SA V). Keep ing the
"signatures" (digital patterns) of malicious software
detectors up-to-date is essential for these products to
be effective.
Keep secure backups:Even if you take all these
security steps, bad things can still happen. Be
prepared for the worst by making backup copies of
critical data, and keep ing those backup copies in a
separate, secure location. For examp le, use

ISSN: 2347-8578

supplemental hard
drives, CDs/DVDs,
or flash
drives to store critical, hard-to-replace data.
Report problems: If you believe that your co mputer
or any data on it has been co mpro mised, your should
make a informat ion security incident report. That is
required by Un iversity policy for all data on our
systems, and legally required for health, education,
financial and any other kind of record containing
identifiable personal information.

8.

II. SYSTEM ARCHITECTURE

III.

OVERVIEW

1) GETTING INSTALLED APPS:

Android has a growing selection of third party
applications, which can be acquired by users
either through an app store such as Google
Play or the Amazon Appstore, or by downloading
and installing the application's APK file fro m a
third-party site. The Play Store application allows
users to browse, download and update apps
published by Google and third-party developers,
and is pre-installed on devices that comply with
Google's compatibility requirements. The app
filters the list of available applications to those
that are compatible with the user's device, and
developers may restrict their applications to
particular carriers or countries for business
reasons. But most of the users download the APK
files fro m third party servers and installed into
mobiles, Most of the apps fro m trusted sources
are not malware, but the third party server
providing malwares in modified APK. So user
has the power to list all the apps installed in their
mobile, then user can identifies the Application is
malware or Benign.

www.ijcstjournal.org

Page 111

International Journal of Computer Science Trends and Technology (IJCST) Volume 4 Issue 2 , Mar - Apr 2016
can be easy for the user to identify the malware.
For examp le a gaming applicat ion requires SMS
permission, but there is no need for SMS in that
application. So the application can send premiu m
rated SMS to any number in background.

2) GETTING RUNNING TASKS:

In Android, p rocesses and Applications are t wo
different things. An app can stay "running" in the
background without any processes eating up your phone's
resources. Android keeps the app in its memory so it
launches more quickly and returns to its prior state. When
your phone runs out of memo ry, Android will
automatically start killing tasks on its own, starting with
ones that you haven't used in awhile.
Mostly malwares are running in the background
without the user knowledge, so that can be send and
receive anonymous data to any remote server. User can
detect the application and remove it, If the user not
opened any app but they automatically running in the
background, its known as malware.

2)

4) M ALWARE DETECTION:
There are many malwares are floating in the web
that can be affecting the android OS, so we
maintaining a huge collection of malware
database to easily find the identified malwares. If
the user scan the entire application installed in
their mob ile each application will be co mpared to
our malware database if any app found malware,
our system shows error and instruct the user to
uninstall the particular application.
User no needs to scan for every time for
malware when installed any application, our
system automatically scan the newly installed
application for malware whenever user install any
new application. If the application is found
malware It show the error.

EXTRACT INFORMATION:
Android security model h ighly relies on
permission-based. There are about 130
permissions that govern access to different
resources. Whenever the user installs a new app,
he would be pro mpt to approve or reject all
permissions requested by the application. In this
module if user selects any running application its
Manifest permissions are shown to the user. It

ISSN: 2347-8578

www.ijcstjournal.org

Page 112

International Journal of Computer Science Trends and Technology (IJCST) Volume 4 Issue 2 , Mar - Apr 2016

IV.

CONCLUSIONS

Malwares",
Retrieved
Http://Www.Malwareinfo.Org/ Library/Whitepa
pers/Malwareanalysishow2.Pdf,Last Accessed:
24 August, 2011.

We proposed Droid Mat, a novel approach

to distinguish and detect Android malware with different
intentions. Droid Mat has the follo wing properties.
Effectiveness: It is effective, that is, it is able to
distinguish variant of Android malware between distinct
purposes of them. It achieves up to 97.87 percentage
points in accuracy. Scalability: It is scalable, that is, it is
linear in the size of the problem (i.e., the number of nonzeros in the input matrix). Efficiency: It does not need to
dynamically investigate the Android application
behaviour fro m the sandbox or by emu lation, which saves
the cost in environ ment deployment and manual efforts in
investigation.
Future enhancement is to buy a server for automatic
updating of behaviours changes.

[5]

Dennis Distler, "Malware Analysis: A

Introduction",Retrievedfro m:Http://Www.Sans.
Org/Read ing_Room/Whitepapers/Malicious/Mal
ware-Analysis-Introduction_2103.

[6]

Stephen. A.Ridley, "Android Malware Reverse

Engineering",Retrievedfro m:Http://Dl.Dropbox.
Com/U/2595211/Hello motoandroidreversing.

[7]

Google Android, Retrieved Http://Developer.

Android.Co m/ Guide/ Basics/What-IsAndroid.Html.

[8]

Troy Vennon, "Threat Analysis Of The Android

Market",Http://Www.Globalthreatcenter.Co m/W
p-Content/Uploads/2010/06/Android-Market Threat-Analysis-6-22-10-V1.Pdf,Last Accessed:
24 August, 2011.

[9]

Johannes
Kinder,
Stefan
Katzenbeisser,
Christian Schallhart, And Helmut Veith.
Proactive Detection Of Co mputer Worms Using
Model Checking. IEEE Transactions On
Dependable And Secure Co mputing, 7:424{438,
October 2010.

[10]

Dong-Jie Wu1, Ching-Hao Mao2 Dro id mat:

Android Malware Detection Through Manifest
And API Calls Tracing2012 Seventh Asia Joint
Conference On Informat ion Security. 978-07695-4776-3/12 /IEEE.

FUTURE ENHANCEMANT
Future enhancement is to buy a server for
automatic updating of behaviours changes.

REFERENCES
[1]

[2]

[3]

[4]

MARIANTONIETTA La Po lla , Fab io Martinelli,

And Daniele Sgandurra, A Survey On Security
For
Mobile
Devices
IEEE
COMMUNICATIONS
SURVEYS
&
TUTORIA LS,
A CCEPTED
FOR
PUBLICATION 1553-877X/12/ 2012 IEEE.
Addodil Jo Elv Arg Hese, Pro. F STUART
WALKER, Dissecting Andro Malware, 2011
The SANS Institute.
ADRIENNE Porter Felt, Matthew Finifter, Erika
Chin,Steven Hanna, And David Wagner,A
Survey Of Mobile Malware In The Wild,ACM
78-1-4503-1000/11/10,October17,2011,Chicago.

Rajdeep Chakraborty, "Detailed Analysis Of

The Continuously Evolving Threat Of

ISSN: 2347-8578

www.ijcstjournal.org

Page 113