PermGuard: A Scalable Framework for Android Malware Detection Using Permission-to-Exploitation Mapping
Android, the world’s most widely used mobile operating system, is increasingly targeted by malware due to its open-source nature, high customizability, and integration with Google services. The increasing reliance on mobile devices significantly raises the risk of malware attacks, especia...
Main Authors: | Arvind Prasad, Shalini Chandra, Mueen Uddin, Taher Al-Shehari, Nasser A. Alsadhan, Syed Sajid Ullah |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE, 2025-01-01 |
Series: | IEEE Access |
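Subjects: | Android malware detection; machine learning; permissions exploitation; cybersecurity; mobile security |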
Online Access: | https://ieeexplore.ieee.org/document/10817609/ |
_version_ | 1841563286393323520 |
---|---|
author | Arvind Prasad, Shalini Chandra, Mueen Uddin, Taher Al-Shehari, Nasser A. Alsadhan, Syed Sajid Ullah |
collection | DOAJ |
description | Android, the world’s most widely used mobile operating system, is increasingly targeted by malware due to its open-source nature, high customizability, and integration with Google services. The increasing reliance on mobile devices significantly raises the risk of malware attacks, especially for non-technical users who often grant permissions without thorough evaluation, leading to potentially devastating effects. This paper introduces PermGuard, a scalable framework for Android malware detection that maps permissions into exploitation techniques and employs incremental learning to detect malicious apps. It presents a novel technique for constructing the PermGuard dataset by mapping Android permissions to exploitation techniques, providing a comprehensive understanding of how permissions can be misused by malware. The dataset consists of 55,911 benign and 55,911 malware apps, providing a balanced and comprehensive foundation for analysis. Additionally, a new strategy using similarity-based selective training reduces the amount of data required for the training of an incremental learning-based model, focusing on the most relevant data to improve efficiency. To ensure robustness and accuracy, the model adopts a test-then-train approach, initially testing on application data to identify weaknesses and refine the training process. The framework’s resilience is tested against adversarial attacks, demonstrating its ability to withstand attempts to bypass or deceive detection mechanisms and enhance overall security. Designed for scalability, PermGuard can handle large and continuously growing datasets, making it suitable for real-world applications. Empirical results indicate that the model achieved an accuracy of 0.9933 on real datasets and 0.9828 on synthetic datasets, demonstrating strong resilience against both real and adversarial attacks. |
format | Article |
id | doaj-art-5286bd3fbc01450783fd03e381182c31 |
institution | Kabale University |
issn | 2169-3536 |
language | English |
publishDate | 2025-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | Record: doaj-art-5286bd3fbc01450783fd03e381182c31; Updated: 2025-01-03T00:01:43Z; Language: eng; Publisher: IEEE; Series: IEEE Access; ISSN: 2169-3536; Published: 2025-01-01; Volume: 13; Pages: 507-528; DOI: 10.1109/ACCESS.2024.3523629; Document number: 10817609; Authors: [0] Arvind Prasad (https://orcid.org/0000-0001-5803-0366), [1] Shalini Chandra, [2] Mueen Uddin (https://orcid.org/0000-0003-1919-3407), [3] Taher Al-Shehari (https://orcid.org/0000-0002-9783-919X), [4] Nasser A. Alsadhan, [5] Syed Sajid Ullah (https://orcid.org/0000-0002-5406-0389); Affiliations, in the order listed in the record: Department of Computer Engineering and Applications, GLA University, Mathura, India; Department of Computer Science, BBA University, Lucknow, India; College of Computing and Information Technology, University of Doha for Science and Technology, Doha, Qatar; Department of Self-Development Skill, Common First Year Deanship, Computer Skills, King Saud University, Riyadh, Saudi Arabia; Computer Science Department, College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia; Department of Information and Communication Technology, University of Agder, Grimstad, Norway; Keywords: Android malware detection, machine learning, permissions exploitation, cybersecurity, mobile security |
title | PermGuard: A Scalable Framework for Android Malware Detection Using Permission-to-Exploitation Mapping |
topic | Android malware detection; machine learning; permissions exploitation; cybersecurity; mobile security |
url | https://ieeexplore.ieee.org/document/10817609/ |