{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,21]],"date-time":"2026-05-21T16:36:04Z","timestamp":1779381364872,"version":"3.53.1"},"reference-count":34,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2022,4,2]],"date-time":"2022-04-02T00:00:00Z","timestamp":1648857600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea","doi-asserted-by":"publisher","award":["2021R1I1A3049788, 2019H1D3A1A01101687, 2021H1D3A2A01099390"],"award-info":[{"award-number":["2021R1I1A3049788, 2019H1D3A1A01101687, 2021H1D3A2A01099390"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>Malware applications (Apps) targeting mobile devices are widespread, and compromise the sensitive and private information stored on the devices. This is due to the asymmetry between informative permissions and irrelevant and redundant permissions for benign Apps. It also depends on the characteristics of the Android platform, such as adopting an open-source policy, supporting unofficial App stores, and the great tolerance for App verification; therefore the Android platform is destined to face such malicious intrusions. In this paper, we propose a permissions-based malware detection system (PerDRaML) that determines the App\u2019s maliciousness based on the usage of suspicious permissions. The system uses a multi-level based methodology; we first extract and identify the significant features such as permissions, smali sizes, and permission rates from a manually collected dataset of 10,000 applications. Further, we employ various machine learning models to categorize the Apps into their malicious or benign categories. Through extensive experimentations, the proposed method successfully identifies the 5\u00d7 most significant features to predict malicious Apps. The proposed method outperformed the existing techniques by achieving high accuracies of malware detection i.e., 89.7% with Support Vector Machine, 89.96% with Random Forest, 86.25% with Rotation Forest, and 89.52% with Na\u00efve Bayes models. Moreover, the proposed method optimized up to ~77% of the feature set as compared to the recent approaches, while improving the evaluation metrics such as precision, sensitivity, accuracy, and F-measure. The experimental results show that the proposed system provides a high level of symmetry between irrelevant permissions and malware Apps. Further, the proposed system is promising and may provide a low-cost alternative for Android malware detection for malicious or repackaged Apps.<\/jats:p>","DOI":"10.3390\/sym14040718","type":"journal-article","created":{"date-parts":[[2022,4,3]],"date-time":"2022-04-03T06:04:01Z","timestamp":1648965841000},"page":"718","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":47,"title":["Permissions-Based Detection of Android Malware Using Machine Learning"],"prefix":"10.3390","volume":"14","author":[{"given":"Fahad","family":"Akbar","sequence":"first","affiliation":[{"name":"School of Electrical Engineering and Computer Science, National University of Sciences and Technology (NUST), Islamabad 44000, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4321-2532","authenticated-orcid":false,"given":"Mehdi","family":"Hussain","sequence":"additional","affiliation":[{"name":"School of Electrical Engineering and Computer Science, National University of Sciences and Technology (NUST), Islamabad 44000, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0966-3957","authenticated-orcid":false,"given":"Rafia","family":"Mumtaz","sequence":"additional","affiliation":[{"name":"School of Electrical Engineering and Computer Science, National University of Sciences and Technology (NUST), Islamabad 44000, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3722-4764","authenticated-orcid":false,"given":"Qaiser","family":"Riaz","sequence":"additional","affiliation":[{"name":"School of Electrical Engineering and Computer Science, National University of Sciences and Technology (NUST), Islamabad 44000, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1062-0329","authenticated-orcid":false,"given":"Ainuddin Wahid Abdul","family":"Wahab","sequence":"additional","affiliation":[{"name":"Faculty of Computer Science and Information Technology, University of Malaya, Kuala Lumpur 50603, Malaysia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0662-8355","authenticated-orcid":false,"given":"Ki-Hyun","family":"Jung","sequence":"additional","affiliation":[{"name":"Department of Cyber Security, Kyungil University, Gyeongsan-si 38428, Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2022,4,2]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1016\/j.cose.2016.11.007","article-title":"AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection","volume":"65","author":"Feizollah","year":"2017","journal-title":"Comput. Secur."},{"key":"ref_2","unstructured":"Jannath, N.O.S., and Bhanu, S.M.S. (2018, January 15\u201317). Detection of repackaged Android applications based on Apps Permissions. Proceedings of the 2018 4th International Conference on Recent Advances in Information Technology (RAIT), Dhanbad, India."},{"key":"ref_3","unstructured":"Sandeep, H.R. (2019, January 15\u201317). Static analysis of android malware detection using deep learning. Proceedings of the 2019 International Conference on Intelligent Computing and Control Systems (ICCS), Secunderabad, India."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"3216","DOI":"10.1109\/TII.2017.2789219","article-title":"Significant Permission Identification for Machine-Learning-Based Android Malware Detection","volume":"14","author":"Li","year":"2018","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Wang, Z., Li, K., Hu, Y., Fukuda, A., and Kong, W. (2019, January 28\u201331). Multilevel permission extraction in android applications for malware detection. Proceedings of the 2019 International Conference on Computer, Information and Telecommunication Systems (CITS), Beijing, China.","DOI":"10.1109\/CITS.2019.8862060"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"1890","DOI":"10.1109\/TIFS.2018.2806891","article-title":"Android Malware Familial Classification and Representative Sample Selection via Frequent Subgraph Analysis","volume":"13","author":"Fan","year":"2018","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Fatima, A., Kumar, S., and Dutta, M.K. (2021). Host-Server-Based Malware Detection System for Android Platforms Using Machine Learning. Advances in Computational Intelligence and Communication Technology, Springer.","DOI":"10.1007\/978-981-15-1275-9_17"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Sun, Y., Xie, Y., Qiu, Z., Pan, Y., Weng, J., and Guo, S. (2017, January 6\u201310). Detecting android malware based on extreme learning machine. Proceedings of the 2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC\/PiCom\/DataCom\/CyberSciTech), Orlando, FL, USA.","DOI":"10.1109\/DASC-PICom-DataCom-CyberSciTec.2017.24"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"638","DOI":"10.1016\/j.neucom.2017.07.030","article-title":"DroidDet: Effective and robust detection of android malware using static analysis along with rotation forest model","volume":"272","author":"Zhu","year":"2018","journal-title":"Neurocomputing"},{"key":"ref_10","first-page":"66","article-title":"AndroSimilar: Robust signature for detecting variants of Android malware","volume":"22","author":"Faruki","year":"2015","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Suarez-Tangil, G., Dash, S.K., Ahmadi, M., Kinder, J., Giacinto, G., and Cavallaro, L. (2017, January 22\u201324). Droidsieve: Fast and accurate classification of obfuscated android malware. Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, Scottsdale, AZ, USA.","DOI":"10.1145\/3029806.3029825"},{"key":"ref_12","unstructured":"Tong, S., and Chang, E. (October, January 30). Support vector machine active learning for image retrieval. Proceedings of the ninth ACM international conference on Multimedia, New York, NY, USA."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Qiao, M., Sung, A.H., and Liu, Q. (2016, January 10\u201314). Merging permission and api features for android malware detection. Proceedings of the 2016 5th IIAI international congress on advanced applied informatics (IIAI-AAI), Kumamoto, Japan.","DOI":"10.1109\/IIAI-AAI.2016.237"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Wu, D.-J., Mao, C.-H., Wei, T.-E., Lee, H.-M., and Wu, K.-P. (2012, January 9\u201310). Droidmat: Android malware detection through manifest and api calls tracing. Proceedings of the 2012 Seventh Asia Joint Conference on Information Security, Washington, DC, USA.","DOI":"10.1109\/AsiaJCIS.2012.18"},{"key":"ref_15","first-page":"577","article-title":"Constrained k-means clustering with background knowledge","volume":"1","author":"Wagstaff","year":"2001","journal-title":"Icml"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"175","DOI":"10.1080\/00031305.1992.10475879","article-title":"An introduction to kernel and nearest-neighbor nonparametric regression","volume":"46","author":"Altman","year":"1992","journal-title":"Am. Stat."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"67602","DOI":"10.1109\/ACCESS.2019.2918139","article-title":"Constructing Features for Detecting Android Malicious Applications: Issues, Taxonomy and Directions","volume":"7","author":"Wang","year":"2019","journal-title":"IEEE Access"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"102399","DOI":"10.1016\/j.cose.2021.102399","article-title":"KronoDroid: Time-based Hybrid-featured Dataset for Effective Android Malware Detection and Characterization","volume":"110","author":"Bahsi","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_19","first-page":"102751","article-title":"Detection of malicious Android applications using Ontology-based intelligent model in mobile cloud environment","volume":"58","year":"2021","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_20","first-page":"46","article-title":"Sword: Semantic aware android malware detector","volume":"42","author":"Bhandari","year":"2018","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"S48","DOI":"10.1016\/j.diin.2018.01.007","article-title":"MalDozer: Automatic framework for android malware detection using deep learning","volume":"24","author":"Karbab","year":"2018","journal-title":"Digit. Investig."},{"key":"ref_22","first-page":"102696","article-title":"NATICUSdroid: A malware detection framework for Android using native and custom permissions","volume":"58","author":"Mathur","year":"2021","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_23","unstructured":"(2021, January 20). Androguard: Reverse Engineering, Malware Analysis of Android Applications. Available online: https:\/\/github.com\/androguard\/androguard."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"100358","DOI":"10.1016\/j.cosrev.2020.100358","article-title":"A survey of malware detection in Android apps: Recommendations and perspectives for future research","volume":"39","author":"Razgallah","year":"2021","journal-title":"Comput. Sci. Rev."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"100365","DOI":"10.1016\/j.cosrev.2021.100365","article-title":"A survey of android application and malware hardening","volume":"39","author":"Sihag","year":"2021","journal-title":"Comput. Sci. Rev."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Zhang, W., Luktarhan, N., Ding, C., and Lu, B. (2021). Android Malware Detection Using TCN with Bytecode Image. Symmetry, 13.","DOI":"10.3390\/sym13071107"},{"key":"ref_27","unstructured":"(2022, February 08). PerDRaML. Available online: https:\/\/github.com\/fahadakbar24\/android-malware-detection."},{"key":"ref_28","unstructured":"(2021, January 22). Malware Dataset. Available online: https:\/\/github.com\/fahadakbar24\/android-malware-detection-dataset."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Chen, T., He, T., Benesty, M., Khotilovich, V., Tang, Y., Cho, H., and Chen, K. (2015). Xgboost: Extreme Gradient Boosting, Available online: https:\/\/cran.microsoft.com\/snapshot\/2017-12-11\/web\/packages\/xgboost\/vignettes\/xgboost.pdf.","DOI":"10.32614\/CRAN.package.xgboost"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1023\/A:1010933404324","article-title":"Random forests","volume":"45","author":"Breiman","year":"2001","journal-title":"Mach. Learn."},{"key":"ref_31","unstructured":"Goodfellow, I., Bengio, Y., and Courville, A. (2016). Deep Learning, MIT Press. Available online: http:\/\/www.deeplearningbook.org."},{"key":"ref_32","unstructured":"(2021, November 17). Google Play Python API. Available online: https:\/\/github.com\/fahadakbar24\/google-play-api."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"114","DOI":"10.3390\/telecom1020009","article-title":"Feature Importances: A Tool to Explain Radio Propagation and Reduce Model Complexity","volume":"1","author":"Sotiroudis","year":"2020","journal-title":"Telecom"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s11227-021-04250-0","article-title":"Feature engineering and deep learning-based intrusion detection framework for securing edge IoT","volume":"78","author":"Nasir","year":"2022","journal-title":"J. Supercomput."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/14\/4\/718\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T22:48:46Z","timestamp":1760136526000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/14\/4\/718"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,2]]},"references-count":34,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2022,4]]}},"alternative-id":["sym14040718"],"URL":"https:\/\/doi.org\/10.3390\/sym14040718","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,4,2]]}}}