Android Malware Detection From APK File | IJCT Volume 12 – Issue 6 | IJCT-V12I6P46

International Journal of Computer Techniques
ISSN 2394-2231
Volume 12, Issue 6  |  Published: November – December 2025

Authors

Sandhya S, Preethi CS, Preethi JL, Dhanushree HT

Abstract

The rapid spread of Android devices has transformed technology trends throughout the world, and Android is the most widely used mobile operating system. Because it is open source and has a huge number of applications, distributed primarily through the Google Play Store and third-party sources, Android has proved an ideal target for malicious actors, who only need to exploit its vulnerabilities to compromise a system for financial gain, to steal data or to disrupt the system. Both legitimate and malicious applications are distributed primarily as Android Package Kit (APK) files, the package containing an application's code, its resources and its metadata. Identifying malware in APK files has in turn become a research problem in cybersecurity. This abstract reviews the complexity of Android malware detection methods, which rely substantially on APK file analysis, the challenges posed by emerging malware techniques, and the need to use emerging technologies and enhanced methods such as machine learning, deep learning, and static and dynamic analysis, among others, to improve detection effectiveness and accuracy. The Android ecosystem is designed as an open system and, in the name of innovation and accessibility, is therefore vulnerable to malware. Unlike closed ecosystems, Android does not limit app installation to official app stores: apps can be installed from various sources, including unofficial app stores and direct APK downloads, and so are likely to bypass strict vetting. Malware can be of different types, such as trojans, ransomware, spyware and adware, each targeting a specific vulnerability or type of user behaviour. Trojans, for example, can pose as legitimate applications to steal valuable information, and ransomware infects devices and holds them until a ransom is paid.
The AndroidManifest.xml file contains the permissions and a description of the app's behaviour, and the classes.dex file contains the executable Dalvik code. These are major components that can be examined during malware detection, as they are likely to show signs of malicious intent such as malicious permission access, code obfuscation or malicious API calls. The standard signature-based methods, even after the first Android malware-detection code was introduced, continue to rely on comparing the signature of an Android APK file with a collection of known malware signatures. These methods are very useful for catching threats that have already been identified, but cannot be applied effectively to zero-day attacks and polymorphic malware that modifies its code to evade detection. To address these limitations, researchers have increasingly turned to static and dynamic analysis methods. Static analysis is the analysis of the APK file without executing it, generally by decompiling it to examine the code, metadata, and resources. This has been shown to be computationally efficient and is capable of detecting indicators of malicious code, such as excessive permission requests or obfuscated code, but it can be bypassed by more advanced malware that uses code obfuscation or encryption. Dynamic analysis, in turn, runs the APK in a controlled environment, e.g. a sandbox or emulator, to observe how it behaves at runtime. This works well for detecting malware that does not reveal its malicious intent until it is executed, such as programs that exploit runtime vulnerabilities or that contact command-and-control servers. Dynamic analysis is, however, expensive and may fail to trigger malicious actions if the malware employs anti-emulation methods or requires some user interaction.

Conclusion

The primary objective of this project was to create a robust system for identifying Android malware from APK files with the help of machine learning. The model uses static analysis to examine characteristics of Android applications such as permissions, API calls, and manifest elements. According to the experiments conducted, the system could correctly classify applications as safe or harmful with a good level of accuracy and a lower rate of error. The findings indicate that combining several static features provides better detection than using a single type of feature. The model can also deal with various types of malware, which makes it more reliable and efficient. The approach enables users and developers to detect malicious applications before installation, thereby enhancing the overall security of Android devices. Despite its good performance, the system is limited in several ways. Only static features have been used, so it may fail to identify malware that conceals its code or alters its behaviour at run time. To enhance the system in the future, dynamic analysis features and real-time detection can be added to make it stronger and more applicable to real-world needs.
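The contrast drawn in the abstract between signature matching and static feature extraction, together with the feature combination described in the conclusion, as an added example that is not the authors' code. It assumes a plain-text manifest (real APKs store binary XML that must be decoded first), a stand-in `classes.dex`, and a hypothetical feature vocabulary; all sample data is constructed.

```python
import hashlib
import io
import xml.etree.ElementTree as ET
import zipfile

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Hypothetical feature vocabulary; a real model derives one from a labelled corpus.
PERMISSIONS = ["android.permission.SEND_SMS", "android.permission.READ_CONTACTS",
               "android.permission.INTERNET", "android.permission.CAMERA"]
# Class descriptors as they appear in the DEX string table of unobfuscated code.
API_MARKERS = [b"Landroid/telephony/SmsManager;", b"Ldalvik/system/DexClassLoader;",
               b"Ljavax/crypto/Cipher;"]

def build_apk(dex_padding=b""):
    """Constructed sample: a zip holding a plain-text manifest and a stand-in classes.dex.
    Assumption: real APKs store the manifest as binary XML and need a decoder first."""
    manifest = (
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        'package="com.example.sample">'
        '<uses-permission android:name="android.permission.SEND_SMS"/>'
        '<uses-permission android:name="android.permission.INTERNET"/>'
        '</manifest>')
    dex = b"dex\n035\x00" + b"Landroid/telephony/SmsManager;\x00" + dex_padding
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", manifest)
        apk.writestr("classes.dex", dex)
    return buf.getvalue()

def signature_match(apk_bytes, known_hashes):
    """Signature-based check: exact SHA-256 lookup against known-bad hashes."""
    return hashlib.sha256(apk_bytes).hexdigest() in known_hashes

def static_features(apk_bytes):
    """Binary feature vector: requested permissions followed by API markers in the DEX."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        root = ET.fromstring(apk.read("AndroidManifest.xml"))
        dex = apk.read("classes.dex")
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    return [int(p in requested) for p in PERMISSIONS] + [int(m in dex) for m in API_MARKERS]

if __name__ == "__main__":
    original = build_apk()
    variant = build_apk(dex_padding=b"\x00repacked")  # same behaviour, different bytes
    known = {hashlib.sha256(original).hexdigest()}
    print(signature_match(original, known), signature_match(variant, known))
    print(static_features(original), static_features(variant))
```

The repacked variant escapes the hash lookup but yields the same feature vector, which is what a classifier would consume. A sample that encrypts its strings would zero the API markers, which is the static-analysis limitation the conclusion acknowledges.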

How to Cite This Paper

Sandhya S, Preethi CS, Preethi JL, Dhanushree HT (2025). Android Malware Detection From APK File. International Journal of Computer Techniques, 12(6). ISSN: 2394-2231.
