PAM Clustering Aided Android Malicious Apps Detection

Nibras Talib Mohammed 
Mohsin Hasan Hussein
Abbas Jabber Rashid
University of Karbala – College of Administration and Economics – Statistics Department

Abstract.
The exponential growth of Android devices has strongly attracted cybercriminals. The applications in the Android market represent an attack surface owing to the lack of security mechanisms applied by the Google Play store. Additionally, downloading apps from unofficial sources leads to a further security threat. Any mobile application requests several permissions to access users’ data in order to run.

Thus, attackers exploit this feature to compromise users’ sensitive data. This has motivated several researchers to investigate security mechanisms that detect Android malware based on this feature using machine learning techniques, particularly classification techniques.

However, this research proposes a permission-based Android malware detection framework that uses a clustering algorithm. A further motivation for this research is that labeling large datasets is a difficult task. Therefore, our work contributes to Android malware detection as well as to the labeling of Android app datasets. PAM (Partitioning Around Medoids) clustering is used for this purpose since it is less affected by outliers and other extreme values. The most significant features were selected as input to the clustering algorithm to improve its results. The results show that our clustering algorithm was able to group our dataset into two categories: malevolent and genuine apps.

Moreover, our result has been validated with the standard F-Measure evaluation metric, which is 0.86 for the 40-attribute subset and 0.88 for the 30-feature subset. This reveals a good level of performance for permission-based Android malware detection and for labeling Android application datasets as malware or goodware.
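
The approach described in the abstract (PAM with two clusters over binary permission vectors, scored with F-Measure) can be sketched as follows. This is an added example, not the authors' code. The permission columns, the nine sample apps, the Hamming distance and the way clusters are mapped to classes for scoring are all assumptions made for illustration, and the score it produces is not a result from the paper.

```python
# Added example: PAM (k-medoids) over binary permission vectors, k = 2.
# Constructed data: the permission columns and apps are made up for illustration.
PERMS = ["SEND_SMS", "READ_SMS", "READ_CONTACTS", "INTERNET", "CAMERA",
         "RECEIVE_BOOT_COMPLETED"]
APPS = [  # (permission vector, ground truth: 1 = malware, 0 = benign)
    ([1, 1, 1, 1, 0, 1], 1), ([1, 1, 0, 1, 0, 1], 1),
    ([1, 0, 1, 1, 0, 1], 1), ([1, 1, 1, 1, 1, 1], 1),
    ([0, 0, 0, 1, 1, 0], 0), ([0, 0, 0, 1, 0, 0], 0),
    ([0, 0, 1, 1, 1, 0], 0), ([0, 0, 0, 0, 1, 0], 0),
    ([1, 1, 1, 1, 0, 0], 0),  # benign messaging app with a malware-like profile
]

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def total_cost(X, medoids):
    # PAM objective: sum of each app's distance to its nearest medoid.
    return sum(min(hamming(x, X[m]) for m in medoids) for x in X)

def pam(X, k=2):
    medoids = []
    for _ in range(k):  # BUILD: greedily add the point that lowers cost most
        medoids.append(min((i for i in range(len(X)) if i not in medoids),
                           key=lambda i: total_cost(X, medoids + [i])))
    improved = True
    while improved:  # SWAP (first-improvement variant) until a local optimum
        improved = False
        for pos in range(k):
            for cand in range(len(X)):
                trial = medoids[:pos] + [cand] + medoids[pos + 1:]
                if cand not in medoids and total_cost(X, trial) < total_cost(X, medoids):
                    medoids, improved = trial, True
    labels = [min(range(k), key=lambda c: hamming(x, X[medoids[c]])) for x in X]
    return medoids, labels

def f_measure(pred, truth):
    tp = sum(p == 1 and t == 1 for p, t in zip(pred, truth))
    wrong = sum(p != t for p, t in zip(pred, truth))  # fp + fn
    return 2 * tp / (2 * tp + wrong) if tp else 0.0

def evaluate():
    X, truth = [v for v, _ in APPS], [t for _, t in APPS]
    medoids, labels = pam(X, 2)
    # Cluster ids are arbitrary: score both mappings and keep the better (assumption).
    score = max(f_measure(labels, truth), f_measure([1 - c for c in labels], truth))
    return medoids, labels, score

if __name__ == "__main__":
    print(evaluate())
```

The medoids are real apps from the dataset, so each cluster centre can be read directly as a permission profile; the one benign app whose permissions resemble the malware medoid is the kind of false positive that lowers the F-Measure.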