FAMOUS: Forensic Analysis of MObile devices Using Scoring of application permissions

With the emergence of Android as a leading operating system in mobile devices, it becomes mandatory to develop specialized, predictive and robust security measures to provide a dependable environment for users. Extant reactive and proactive security techniques would not be enough to tackle the fast-growing security challenges in the Android environment. This paper has proposed a predictive forensic approach to detect suspicious Android applications. An in-depth study of statistical properties of permissions used by the malicious and benign Android applications has been performed. Based on the results of this study, a weighted score based feature set has been created which is used to build a predictive and lightweight malware detector for Android devices. Various experiments conducted on the aforementioned feature set, an improved accuracy level of 99% has been achieved with Random Forest classifier. This trained model has been used to build a forensic tool entitled FAMOUS (F orensic A nalysis of MO bile devices U sing S coring of application permissions) which is able to scan all the installed applications of an attached device and provide a descriptive report.