
SAVITRIBAI PHULE PUNE UNIVERSITY

A PROJECT REPORT ON

MALWARE DETECTION IN ANDROID APP
USING STATIC AND DYNAMIC ANALYSIS
SUBMITTED TOWARDS THE
PARTIAL FULFILLMENT OF THE REQUIREMENTS OF
BACHELOR OF ENGINEERING (Computer Engineering)
BY

Sonawane Rachana Hiralal Exam No: B120934269
Tate Priyanka Kailas Exam No: B120934271
Shinde Sagar Ananda Exam No: B120934265

UNDER THE GUIDANCE OF

Prof. N. V. Kapade

DEPARTMENT OF COMPUTER ENGINEERING


LOKNETE GOPINATHJI MUNDE INSTITUTE OF
ENGINEERING EDUCATION RESEARCH, NASHIK
2016 - 2017
LOKNETE GOPINATHJI MUNDE INSTITUTE OF ENGINEERING
EDUCATION AND RESEARCH (LOGMIEER) NASHIK-02
DEPARTMENT OF COMPUTER ENGINEERING
2016-2017

CERTIFICATE

This is to certify that the Project Entitled,

MALWARE DETECTION IN ANDROID APP USING STATIC AND DYNAMIC ANALYSIS
Submitted by
Sonawane Rachana Hiralal Exam No: B120934269
Tate Priyanka Kailas Exam No: B120934271
Shinde Sagar Ananda Exam No: B120934265

is a bonafide work carried out by Students under the supervision of Prof. N. V. Kapade
and it is submitted towards the partial fulfillment of the requirement of Bachelor of
Engineering (Computer Engineering).

Prof. N. V. Kapade, Internal Guide, Dept. of Computer Engg.
Prof. K. V. Ugale, H.O.D, Dept. of Computer Engg.
Dr. Arunkumar Dwivedi, Principal, LoGMIEER, Nashik-02

Signature of Internal Examiner Signature of External Examiner


Project Approval Sheet
Malware Detection in Android App Using Static and Dynamic Analysis

Is successfully completed by

Sonawane Rachana Hiralal Exam No: B120934269
Tate Priyanka Kailas Exam No: B120934271
Shinde Sagar Ananda Exam No: B120934265

at

DEPARTMENT OF COMPUTER ENGINEERING
LOKNETE GOPINATHJI MUNDE INSTITUTE OF ENGINEERING
EDUCATION AND RESEARCH (LOGMIEER) NASHIK-02
SAVITRIBAI PHULE PUNE UNIVERSITY, PUNE
ACADEMIC YEAR 2016-2017

Prof. N. V. Kapade, Internal Guide, Dept. of Computer Engg.
Prof. K. V. Ugale, H.O.D, Dept. of Computer Engg.

Abstract
Smartphones and mobile tablets are fast becoming a necessity in daily life. Android
has been the most popular mobile operating system since 2012. However, owing to the
open nature of Android, countless malware samples are hidden among the large number of
benign apps in Android markets, which seriously threatens Android security. Deep learning
is a new area of machine learning research that has gained increasing attention in
artificial intelligence. In this study, we propose to combine the features from the static
analysis with the features from the dynamic analysis of Android apps and to distinguish
malware using deep learning techniques. We implement an online deep-learning-based
Android malware detection engine (DroidDetector) that can automatically identify whether
an app is malware or not. With thousands of Android apps, we systematically test
DroidDetector and perform an in-depth analysis of the features that deep learning
essentially exploits to distinguish malware. The results show that deep learning is suitable
for distinguishing Android malware and is especially useful when more training data is
available. DroidDetector achieves 96.76 percent detection accuracy, which outperforms
traditional machine learning techniques. An evaluation of ten popular anti-virus products
demonstrates the importance of advancing our capabilities in Android malware detection.

Keywords: Android security; malware detection; characterization; deep learning;
association rules mining

Acknowledgment
It is our immense pleasure to work on this project, Malware Detection in Android
App Using Static and Dynamic Analysis. It is only the blessing of my divine master
which has prompted and mentally equipped us to undergo the study of this project.
We would like to thank Dr. Arunkumar Dwivedi, Principal, LoGMIEER College of
Engineering, for giving me such an opportunity to develop practical knowledge about the
subject. We are also thankful to Prof. K. V. Ugale, Head of Computer Engineering
Department, for his valuable encouragement at every phase of our seminar work and
completion.
We offer our sincere thanks to my guide Prof. N. V. Kapade, who very affectionately
encourages us to work on the subject and gave his valuable guidance from time to time.
While preparing this project, we are very much thankful to him.
We are also grateful to the entire staff of the Computer Engineering Department for their
kind co-operation, which helped me in the successful completion of the project.

Sonawane Rachana Hiralal Exam No: B120934269


Tate Priyanka Kailas Exam No: B120934271
Shinde Sagar Ananda Exam No: B120934265

Contents
Certificate
Abstract
Acknowledgment
Index
List of Figures
List of Tables
List of Abbreviations

1 Synopsis
1.1 Project Title
1.2 Project Option
1.3 Internal Guide
1.4 Technical Keywords
1.5 Problem Statement
1.6 Abstract
1.7 Goals and Objectives
1.8 Relevant mathematics associated with the Project
1.8.1 System Description
1.8.2 Mathematical Model
1.9 Names of Conferences/Journals where papers can be published
1.10 Review of Conference/Journal Papers Supporting Project Idea
1.11 Explanation
1.12 Plan of Project
1.13 Plan of Project

2 Technical keywords
2.1 Area Of Project
2.2 Technical Keywords

3 Introduction
3.1 Need
3.2 Basic concepts

4 Problem Definition And Scope
4.1 Problem Statement
4.1.1 Description Of Problem
4.1.2 Goals and Objective
4.1.3 Statement Of Scope
4.1.4 Software Context
4.2 Major Constraints
4.3 Methodologies Of Problem Solving And Efficiency Issues
4.4 Outcome
4.5 Applications
4.6 Hardware Requirement
4.7 Software requirement
4.8 Operating Environment
4.9 Development Environment
4.10 Testing Environment

5 Project Plan
5.1 Project Estimates
5.1.1 Waterfall Model
5.2 Reconciled Estimates
5.2.1 Project Resources
5.3 Risk Management w.r.t. NP Hard Analysis
5.3.1 Risk Identification
5.3.2 Risk Analysis
5.3.3 Overview Of Risk Mitigation, Monitoring, Management
5.3.4 Project Schedule
5.3.5 Timeline Chart
5.3.6 Task Network
5.4 Team Organization
5.4.1 Management Reporting And Communication
5.4.2 Team Structure

6 Software Requirement Specification
6.1 Introduction
6.1.1 Purpose And Scope of Document
6.1.2 Overview Of Responsibilities Of Developer
6.2 Usage Scenario
6.2.1 User Profiles
6.2.2 Use-cases
6.3 Functional Model And Description
6.3.1 Data Flow Diagram
6.3.2 DFD Level-0
6.3.3 DFD Level-1
6.3.4 DFD Level-2
6.3.5 Sequence Diagram
6.4 Class Diagram
6.5 Component Diagram
6.6 Non functional requirement
6.7 Design Constraint
6.8 Software interface design

7 Design
7.1 Existing System
7.2 Proposed System
7.3 Detailed Design
7.3.1 Internal Data Structure
7.3.2 Global data Structure
7.3.3 Temporary data Structure

8 Project Implementation
8.1 Introduction
8.2 Tools and Technology
8.2.1 Java
8.2.2 NetBeans
8.2.3 Android OS
8.2.4 Android Environment
8.3 Methodologies/Algorithm
8.3.1 Algorithm Steps
8.3.2 Mathematical Model
8.4 Verification and Validation for Acceptance

9 Software Testing
9.1 System Testing
9.1.1 Types Of Tests
9.2 Testing Methodologies
9.2.1 Unit Testing
9.2.2 Integration Testing
9.2.3 User Acceptance Testing
9.2.4 Output Testing
9.2.5 Validation Checking
9.3 Verification and Validation for Acceptance

10 Result
10.1 Analysis Diagram
10.2 Flow Of Application

11 Deployment And Maintenance
11.1 Installation and Un-Installation
11.1.1 Java
11.1.2 Installing Android Studio
11.1.3 Installing Xampp Server
11.1.4 Installing NetBeans

12 Conclusion And Feature Scope

References
Annexure B
Annexure C
Annexure D
Annexure E
Annexure F

List of Figures
1.1 Restricted Boltzmann Machines (RBM)
5.1 Waterfall Model
5.2 Task Network
6.1 Use-Case Diagram
6.2 DFD Level-0
6.3 DFD Level-1
6.4 DFD Level-2
6.5 Sequence Diagram
6.6 Class Diagram
6.7 Component Diagram
6.8 Registration
6.9 Register Username and Password
6.10 Click Checkbox
6.11 Register E-mail
6.12 Verification of Username and password
7.1 Existing architecture
7.2 Proposed architecture
7.3 Feature extraction for an Android app
7.4 Deep learning model constructed with DBN
8.1 Features of Java
8.2 Android Version
8.3 Restricted Boltzmann Machines (RBM)
10.1 Testing
10.2 Test Duration
10.3 Admin Login
10.4 User Registration
10.5 Authorize User
10.6 Data Integrity
10.7 Searching
12.1 Canvas Model

List of Tables
1.1 Literature survey
1.2 Time-Line
1.3 TimeLine Table for Project
4.1 Functional matrix
4.2 Methodology
4.3 Hardware Requirement
4.4 Software Requirement
5.1 Risk Description
5.2 Probability
5.3 Impact
5.4 Risk Mitigation, Monitoring, Management
5.5 Risk Mitigation, Monitoring, Management
5.6 TimeLine Table for Project
5.7 Team Structure
5.8 Management Report
8.1 Android Version
8.2 Test Case For UI: User Registration
8.3 Test Case For UI: User Login
8.4 Test Case For UI: upload advertisement
8.5 Test Case For Malware
9.1 Test Case For UI: User Registration
9.2 Test Case For UI: User Login
9.3 Test Case For UI: upload advertisement
9.4 Test Case For Malware
12.1 Idea Matrix
12.2 Test Case For UI: User Registration
12.3 Test Case For UI: User Login
12.4 Test Case For UI: upload advertisement
12.5 Test Case For Malware
12.6 Test Case For UI: User Registration

List of Abbreviations
DBN: Deep Belief Networks
RBM: Restricted Boltzmann Machines
PRIM: Patient Rule Induction Method

CHAPTER 1

SYNOPSIS

1.1 Project Title


Malware Detection in Android App Using Static and Dynamic Analysis

1.2 Project Option


Internal Project

1.3 Internal Guide


Prof. N. V. Kapade

1.4 Technical Keywords


-Android security.
-Malware detection.
-Characterization.
-Deep learning.
-Association rules mining.

1.5 Problem Statement


We implemented the Android malware detection engine DroidDetector based on the
deep learning model. DroidDetector has been open online for user testing and can
automatically detect whether a submitted app is malware or not. Once the .apk file of
an app is submitted, DroidDetector checks its integrity and determines whether it is a
complete, correct, and legitimate Android application.
To systematically characterize Android apps (i.e., both malware and benign apps),
we conduct static and dynamic analysis to extract features from each app. All the
features fall under one of three types: required permissions, sensitive APIs, and dynamic
behaviors. Specifically, all we need is the installation file (i.e., the .apk file) of each
Android app.
Traditional machine learning models that have fewer than three layers of computation
units are considered to have shallow architectures. Fortunately, deep learning models with
a deep architecture change that situation. In practical use, a deep learning model can be
constructed with different deep architectures. For this study, we chose the DBN architecture
to construct our deep learning model and characterize Android apps. The construction
of a deep learning model has two phases, the unsupervised pre-training phase and the
supervised back-propagation phase. In the pre-training phase, the DBN is hierarchically
built by stacking a number of Restricted Boltzmann Machines (RBM), with the deep neural
network regarded as a latent variable model, which is beneficial for gradually evolving
high-level representations. In the back-propagation phase, the pre-trained DBN is
fine-tuned with labeled samples in a supervised manner. The deep learning model uses the
same app set in both phases of the training process. In this way, the deep learning model
is completely built.
We implement the Android malware detection engine DroidDetector based on the
deep learning model. DroidDetector has been open online for user testing and can
automatically detect whether a submitted app is malware or not. Once the .apk file of
an app is submitted, DroidDetector checks its integrity and determines whether it is a
complete, correct, and legitimate Android application. Next, DroidDetector executes a
static analysis to obtain the permissions and sensitive APIs that are used by this app.
Then, DroidDetector executes a dynamic analysis by installing and running this app in
DroidBox for a fixed period of time. In this way, DroidDetector identifies the dynamic
behaviors that are being performed. We have completely automated the static and
dynamic analyses of DroidDetector. The detection results, including detailed information
from the integrity check and both analyses, are then reported to the users. Since
new types of apps are constantly emerging, we have designed two crawler modules. One
is used for crawling benign apps from the Google Play Store and the other is used for
crawling malware from well-known malware. Using this strategy, we expect DroidDetector
to keep pace with the evolution of Android malware. To validate the ability of
the deep learning model to detect Android malware and make an in-depth analysis of
the features that deep learning essentially exploits to characterize malware, we conducted
experiments on three public app sets. One benign app set was randomly crawled from the
Google Play Store. Although there might be a few malicious apps hidden among them,
we regard all of them as benign apps. Another two malicious app sets were respectively
collected from the Contagio Community.
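
The report does not say what the integrity check on a submitted .apk consists of. As an added example (not DroidDetector's own code), the sketch below shows one plausible set of checks to run before static analysis: the upload parses as a ZIP archive, every entry passes its CRC-32, the manifest and DEX entries are present with the expected file magic, and a JAR (v1) signature block exists. The rule set, function names and the in-memory sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
import zlib

# Assumed checks for this example; the report does not list DroidDetector's own.
REQUIRED = {
    "AndroidManifest.xml": b"\x03\x00\x08\x00",  # compiled (binary) XML chunk header
    "classes.dex": b"dex\n",                     # DEX magic prefix
}
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC")     # JAR (v1) signature block files


def first_corrupt_entry(apk):
    """Read every entry so zipfile verifies its CRC-32; return the first bad name."""
    try:
        return apk.testzip()
    except (zipfile.BadZipFile, zlib.error, EOFError, OSError, RuntimeError):
        return "<unreadable entry>"


def check_apk(data):
    """Return a list of integrity problems; an empty list means the upload passed."""
    try:
        apk = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a readable ZIP archive (truncated or wrong file type)"]
    problems = []
    with apk:
        names = set(apk.namelist())
        for name in REQUIRED:
            if name not in names:
                problems.append("missing required entry: " + name)
        bad = first_corrupt_entry(apk)
        if bad is not None:
            # Stop here: the content of a damaged archive cannot be trusted.
            return problems + ["CRC mismatch in " + bad]
        for name, magic in REQUIRED.items():
            if name in names and not apk.read(name).startswith(magic):
                problems.append(name + " has the wrong file magic")
        # APKs signed only with the newer signing-block schemes would need a
        # different check; this example looks for the JAR-style signature only.
        if not any(n.startswith("META-INF/") and n.upper().endswith(SIGNATURE_SUFFIXES)
                   for n in names):
            problems.append("no JAR signature block under META-INF/")
    return problems


def build_sample_apk(dex=b"dex\n035\x00" + b"\x11" * 32, include_dex=True):
    """Constructed stand-in for an uploaded APK (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + b"\x00" * 28)
        if include_dex:
            z.writestr("classes.dex", dex)
        z.writestr("META-INF/CERT.RSA", b"constructed placeholder, not a signature")
    return buf.getvalue()


def flip_byte(data, marker):
    """Simulate corruption in transit by inverting the first byte of `marker`."""
    i = data.index(marker)
    return data[:i] + bytes([data[i] ^ 0xFF]) + data[i + 1:]


if __name__ == "__main__":
    good = build_sample_apk()
    cases = {
        "intact upload": good,
        "truncated upload": good[:40],
        "no classes.dex": build_sample_apk(include_dex=False),
        "corrupted dex bytes": flip_byte(good, b"\x11" * 32),
        "renamed executable": build_sample_apk(dex=b"MZ" + b"\x00" * 38),
    }
    for label, blob in cases.items():
        print(label, "->", check_apk(blob) or "OK")
```
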
In the next part of the study, we mixed together an equal number of malicious and
benign apps. In doing so, we obtained a training set and a test set, each of which
included randomly selected malicious and benign apps. The following experiments were
all performed on these two app sets.


We conducted experiments on the app sets. We performed an in-depth analysis on
the features exploited by deep learning to distinguish malicious and benign apps using
association rule mining techniques.

1.6 Abstract
Smartphones and mobile tablets are fast becoming a necessity in daily life. Android
has been the most popular mobile operating system since 2012. However, owing to the
open nature of Android, countless malware samples are hidden among the large number of
benign apps in Android markets, which seriously threatens Android security. Deep learning
is a new area of machine learning research that has gained increasing attention in
artificial intelligence. In this study, we propose to combine the features from the static
analysis with the features from the dynamic analysis of Android apps and to distinguish
malware using deep learning techniques. We implement an online deep-learning-based
Android malware detection engine (DroidDetector) that can automatically identify whether
an app is malware or not. With thousands of Android apps, we systematically test
DroidDetector and perform an in-depth analysis of the features that deep learning
essentially exploits to distinguish malware. The results show that deep learning is suitable
for distinguishing Android malware and is especially useful when more training data is
available. DroidDetector achieves 96.76 percent detection accuracy, which outperforms
traditional machine learning techniques. An evaluation of ten popular anti-virus products
demonstrates the importance of advancing our capabilities in Android malware detection.

1.7 Goals and Objectives


• In this project our goal is to protect Android mobile phones from
malware apps by implementing the following items:
1. Registration:
After registration, the Validation activity is performed. In the Validation activity we
check whether the user is valid or not.
2. Authentication:
The Authentication activity authenticates the legitimate user and keeps out
malicious users. This activity takes place when the user enters the login
details. In Authentication we authenticate the user by matching the entered ID
and password with the ID and password saved in the database.
3. Sample Database:
The sample database contains the password, user name, and account details.
4. Static Analysis:
Required permissions and sensitive APIs are extracted through
the static analysis. Static analysis is used to characterize Android malware and
extract features from each app.
5. Dynamic Analysis:
The app is analysed dynamically and the deep learning technique is then applied.
Dynamic analysis of Android apps lets the system learn the difference between malware
and benign apps automatically.
6. Deep learning:
Deep learning is a capable technique for Android malware detection. The deep learning
model has two phases, the unsupervised pre-training phase and the supervised
back-propagation phase.
7. DBN:
The DBN is hierarchically built by stacking a number of Restricted Boltzmann
Machines (RBM), which is beneficial for gradually evolving high-level representations.
The pre-trained DBN is fine-tuned with labeled samples in a supervised manner.
8. DroidDetector:
DroidDetector has been open online for user testing and can automatically identify
whether a submitted app is malware or not. Once the .apk file of an app is
submitted, DroidDetector checks its integrity and determines whether it is a complete,
correct, and legitimate Android application.
9. Malware:
Android malware is malicious software that is specifically built to attack mobile
phone or smartphone systems. These types of malware rely on exploiting particular
operating systems (OS) and mobile phone software technology, and represent an
important part of malware attacks in today's computing world, where mobile phones
are increasingly common.


1.8 Relevant mathematics associated with the Project

1.8.1 System Description


• Input: User ID, Password, Malware, Required permission, Dynamic behaviour,
Sensitive API, Readable file, Android APK, Android mobile.
• Output: Characterization of Android malware; detection of whether a submitted app
is malware or not.
• Functions: RBM Initialization(), CD-K Sampling(), Updating Parameter(), RBM
Assessment().
• Success Condition: Registration validated, authentication successful, malware
detected.
• Failure Condition: If authentication fails, re-login to the system; if malware is
detected, uninstall the app.

1.8.2 Mathematical Model


M =( i, o, Si, So, F, Sf, Ct, Cs, Pn )
Where;
i = Inputs;
o = Output;
I/p= Malware, Required permission, Dynamic behaviour, Sensitive API, Readable file,
Android APK
O/P= Boolean(Yes/No), APK file folder.
Si= Download Android Apps.
So=Detect malware.
F=( F1, F2, F3, F4, F5 )
Unlabeled Android app samples.

F1 = RBM Initialization. We can increase the modeling capacity of the Boltzmann
Machine (BM). A graphical depiction of an RBM is shown below.

Figure 1.1 Restricted Boltzmann Machines (RBM)

The energy function E(v,h) of an RBM is defined as

where W represents the weights connecting hidden and visible units and b, c are the
offsets of the visible and hidden layers respectively.

F2 = CD-K Sampling.

Contrastive Divergence (CD-k)
Contrastive Divergence uses two tricks to speed up the sampling process:
• Since we finally want p(v) = p_train(v) (the true, underlying distribution of the data),
we initialize the Markov chain with a training example (i.e., from a distribution that
is expected to be close to p, so that the chain will already be close to having converged
to its final distribution p).
• CD does not wait for the chain to converge. Samples are obtained after only k steps
of Gibbs sampling. In practice, k = 1 has been shown to work surprisingly well.
F3 = Updating Parameters.
For each parameter update, we extract new samples by simply running the chain for
k steps. The state of the chain is then preserved for subsequent updates.
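
The sampling and update steps F2 and F3, as an added example that is not the project's own code: a small binary RBM trained with CD-k on app feature vectors, using the standard sigmoid conditionals p(h|v) and p(v|h) with weights W and offsets b, c. The feature names, the sample vectors, the learning rate and the layer sizes are constructed assumptions, and the chain is restarted from each training example as in the first bullet rather than preserved between updates.

```python
import math
import random

# Constructed feature names (one visible unit each) covering the three feature
# types: required permissions, sensitive APIs, dynamic behaviours.
FEATURES = ["perm:SEND_SMS", "perm:READ_CONTACTS", "api:getDeviceId",
            "api:sendTextMessage", "dyn:sms_sent", "dyn:net_open"]
# Constructed, unlabeled training vectors: 1 = feature observed for the app.
SAMPLES = [
    [1, 1, 1, 1, 1, 1], [1, 1, 1, 1, 1, 1], [1, 1, 1, 1, 1, 1], [1, 0, 1, 1, 1, 1],
    [0, 0, 0, 0, 0, 1], [0, 0, 0, 0, 0, 1], [0, 0, 0, 0, 0, 1], [0, 1, 0, 0, 0, 1],
]


def sigmoid(x):
    # Clamp the argument so math.exp cannot overflow for large weights.
    return 1.0 / (1.0 + math.exp(-max(-60.0, min(60.0, x))))


class RBM:
    def __init__(self, n_visible, n_hidden, rng):
        self.rng = rng
        # F1: small random weights, zero offsets.
        self.W = [[rng.gauss(0.0, 0.01) for _ in range(n_hidden)]
                  for _ in range(n_visible)]
        self.b = [0.0] * n_visible   # visible offsets
        self.c = [0.0] * n_hidden    # hidden offsets

    def p_h_given_v(self, v):
        return [sigmoid(self.c[j] + sum(v[i] * self.W[i][j] for i in range(len(v))))
                for j in range(len(self.c))]

    def p_v_given_h(self, h):
        return [sigmoid(self.b[i] + sum(h[j] * self.W[i][j] for j in range(len(h))))
                for i in range(len(self.b))]

    def sample(self, probs):
        return [1 if self.rng.random() < p else 0 for p in probs]

    def cd_k(self, v0, k=1, lr=0.1):
        """F2 + F3: start the chain at training example v0, run k Gibbs steps,
        then move the parameters toward the data and away from the sample."""
        ph0 = self.p_h_given_v(v0)
        h = self.sample(ph0)
        for _ in range(k):
            vk = self.sample(self.p_v_given_h(h))
            phk = self.p_h_given_v(vk)
            h = self.sample(phk)
        for i in range(len(self.b)):
            for j in range(len(self.c)):
                self.W[i][j] += lr * (v0[i] * ph0[j] - vk[i] * phk[j])
            self.b[i] += lr * (v0[i] - vk[i])
        for j in range(len(self.c)):
            self.c[j] += lr * (ph0[j] - phk[j])

    def reconstruct(self, v):
        """Deterministic (mean-field) pass v -> h -> v, used only for evaluation."""
        return self.p_v_given_h(self.p_h_given_v(v))

    def reconstruction_error(self, data):
        total = sum((a - r) ** 2 for v in data
                    for a, r in zip(v, self.reconstruct(v)))
        return total / (len(data) * len(self.b))


def train(data, n_hidden=3, epochs=300, k=1, seed=7):
    """Return the trained RBM and the reconstruction error before and after."""
    rng = random.Random(seed)
    rbm = RBM(len(data[0]), n_hidden, rng)
    before = rbm.reconstruction_error(data)
    for _ in range(epochs):
        for v in data:
            rbm.cd_k(v, k=k)
    return rbm, before, rbm.reconstruction_error(data)


if __name__ == "__main__":
    rbm, before, after = train(SAMPLES)
    print("mean squared reconstruction error: %.3f -> %.3f" % (before, after))
    for name, p in zip(FEATURES, rbm.reconstruct(SAMPLES[4])):
        print("%-22s %.2f" % (name, p))
```
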

F4= RBM Assessment.


The RBM Communications Assessment is the initial stage in the process to develop
effective and inclusive national malaria communication strategies in RBM.
Labeled Android app samples.

F5= Back propagation for fine-tuning.


1. Training a DBN is nothing but training RBMs one on top of another. When
we are done with all layers of the DBN training, we use back-propagation to
fine-tune the model. We can think of it as if we forget about the DBN model and just
keep the same network, but treat it as an MLP (with the same units and the
same connections among them), and use the weights we got in the training of
the DBN for the MLP. We then use back-propagation to fine-tune our model.
2. When we follow the steps described above and fine-tune an MLP using back-propagation,
we can use a validation set for hyper-parameter selection. So, it is the same as
training an MLP.
3. In fact, unsupervised pre-training is especially useful when we have very little labeled
data. It puts the parameters in the right regime, and we can use very few labeled
examples to fine-tune it. However, it is possible to overfit, and we can use regularization
methods to avoid it. Another interesting point is that unsupervised pre-training is a
regularizer itself. It forces the weights of the model to be close to the weights that
represent the data.
Sf= Greedy Scheme(),Training(),Generate(),Error(),Iterative operation().
Ct= bigO(n)
Cs= bigO(m)
Pn= 1

1.9 Names of Conferences/Journals where papers can be published

• International Journal of Emerging Research in Management and Technology (IJERMT).
• International Research Journal of Engineering and Technology (IRJET).
• International Journal of Innovative Science Engineering and Technology (IJISET).
• International Journal of Engineering Research Management (IJERM).
• International Journal For Scientific Research and Development (IJSRD).
• International Journal of Advanced Engineering Research and Applications (IJAERA).


1.10 Review of Conference/Journal Papers Supporting Project Idea

• Paper 1: DroidMiner: Automatic Mining and Classification of Fine-grained Malicious
Behaviors in Android Applications.
• Paper 2: Identify APT Malware Infections Based on Malicious DNS and Traffic
Analysis.
• Paper 3: Identify APT Malware Infections Based on Malicious DNS and Traffic
Analysis.
• Paper 4: Android Malware Detection Using Machine Learning Approach.
• Paper 5: Study of Android Malware finding methods and Machine Learning.
• Paper 6: A Machine Learning technique to Android Malware Detection.
• Paper 7: Malware Detection Techniques in Android.
• Paper 8: A review Android Antimalware that identify Malicious Dynamic Code
in Apps.
• Paper 9: Detecting Malicious Apps in Official and Alternative Android Markets.
• Paper 10: HADM: Hybrid Analysis for Detection of Malware.


Table 1.1 literature survey


1.11 Explanation
1. DroidMiner: Automatic Mining and Classification of Fine-grained Malicious
Behaviors in Android Applications.
Android app detection approaches rely on manually selected detection heuristics,
features, and models. In this paper, we describe a new, complementary method, called
DroidMiner, which uses static analysis to automatically mine malicious program logic from
known Android malware, abstracts this logic into a sequence of threat modalities, and
then seeks out these threat modality patterns in other unknown Android apps.

2. DREBIN: Efficient and Understandable Detection of Android Malware in Your Pocket
Malicious applications pose a threat to the security of the Android platform. The
growing quantity and variety of these applications render conventional defenses largely
ineffective, and thus Android smartphones often stay unprotected from novel malware.
In this paper, we propose DREBIN, a lightweight method for detection of Android
malware that allows identifying malicious applications directly on the smartphone. As the
limited resources impede monitoring applications at run-time, DREBIN performs a broad
static analysis, gathering as many features of an application as possible. These features
are embedded in a joint vector space, such that typical patterns indicative of malware can
be automatically identified and used for explaining the decisions of our method.

3. Identify APT Malware Infections Based on Malicious DNS and Traffic Analysis
Advanced persistent threat (APT) is a serious risk to the Internet. With the aid
of APT malware, attackers can remotely manage infected machines and steal sensitive
information. DNS is popular for malware to locate command and control (C&C) servers.
In this paper, we propose a new system placed at the network egress point that aims to
efficiently and effectively detect APT malware infections based on malicious DNS and
static analysis. The system uses a malicious DNS analysis method to identify suspicious
APT malware C&C domains, and then examines the trace of the corresponding suspicious
IP using signature-based and anomaly-based detection technology.


4. Android Malware Detection Using Machine Learning Approach

We present a permission- and string-based anomaly detection system for detecting
meaningful deviations in a mobile application's network behavior. The main goal of the
proposed system is to protect mobile device users and avoid user uncertainty. This
includes the identification of republished popular applications injected with malicious
code. More specifically, we attempt to detect a new type of mobile malware with
self-updating capabilities that was recently found on the official Google Android
Marketplace. Android applications are increasing because Android phones are widespread
and steadily gaining popularity.

5. Study of Android Malware finding methods and Machine Learning

Android OS is one of the most widely used mobile operating systems. The number of
malicious applications and adware is increasing constantly, on par with the number
of mobile devices. A great number of viable signature-based tools are available on the
market which prevent, to an extent, the access and distribution of malicious applications.
Many studies have been conducted which state that established signature-based
detection systems work well up to a certain level, and malware authors use many methods
to evade these tools.

6. A Machine Learning technique to Android Malware Detection.
With the recent emergence of mobile platforms capable of executing increasingly complex
software and the increasing ubiquity of mobile platforms in sensitive applications
such as banking, there is an increasing danger associated with malware targeted at mobile
devices. The problem of detecting such malware presents unique challenges due to the
limited resources available and the limited privileges granted to the user, but also
presents unique opportunities in the required metadata attached to each application. In
this article, we present a machine learning based system for the detection of malware on
Android devices. Our system extracts a number of features and trains a One-Class Support
Vector Machine in an offline (off-device) manner, in order to leverage the higher
computing power of a server or cluster of servers.

7. Malware Detection Techniques in Android.
A new technique is introduced to detect malware. This technique detects malware
in Android applications through a machine learning classifier by using both static and
dynamic analysis. This technique does not rely on malware names for static analysis;
instead, the Android permission model is used. Under dynamic analysis, system call
tracing is performed. Using both static and dynamic techniques along with machine learning
provides an all-in-one solution for malware detection. The technique is tested on
various benign samples collected from the official Android market (Google Play Store)
and on various malicious applications.

8. A review Android Antimalware that identify Malicious Dynamic Code in Apps.
Android is now the most popular operating system, and a major number of smartphones
and tablet computers ship with Android. However, users feel their personal
information is at risk, facing a quickly increasing number of malware for Android which
far exceeds that of other platforms. Antimalware software promises to effectively
protect against malware on smartphones, and many products are available for free or at
reasonable prices. We systematically analyze the security implications of the capability
to load malicious dynamic code in Android apps. We assess an Android antimalware
software tool that identifies attempts to load malicious code, and from the study of many
online applications we observed that malicious code being loaded in an insecure way is a
major issue. We also show how malware can use code-loading techniques to avoid detection
by exploiting a conceptual weakness in current Android malware protection.

9. Detecting Malicious Apps in Official and Alternative Android Markets.
We present a systematic study for the detection of malicious applications on popular
Android markets. To this end, we first propose a permission-based behavioral
footprinting scheme to detect new samples of known Android malware families. Then we apply
a heuristics-based filtering scheme to identify certain inherent behaviors of unknown
malicious families. We implemented both schemes in a system called DroidRanger. The
results show that current marketplaces are functional and relatively healthy. However,
there is also a clear need for a rigorous policing process, mainly for non-regulated
alternative marketplaces.

10. HADM: Hybrid Analysis for Detection of Malware.

We propose a novel Android malware classification method called HADM, Hybrid
Analysis for Detection of Malware. We first extract static and dynamic information
and convert this information into vector-based representations. It has been shown that
combining higher-level features derived by deep learning with the original features
provides significant gains. Therefore, we feed both the original dynamic and static
feature vector sets to a Deep Neural Network (DNN), which produces a new set of features.
These features are then concatenated with the original features to construct DNN vector
sets. Different kernels are then applied onto the DNN vector sets.


1.12 Plan of Project

Table 1.2 Time-Line


1.13 Plan of Project

Table 1.3 TimeLine Table for Project



CHAPTER 2

TECHNICAL KEYWORDS

2.1 Area Of Project


• Android
Android is a mobile operating system (OS) currently developed by Google, based
on the Linux kernel and designed primarily for touchscreen mobile devices such as
smartphones and tablets. Android's user interface is mainly based on direct manipulation,
using touch gestures that loosely correspond to real-world actions, such
as swiping, tapping and pinching, to manipulate on-screen objects, along with a
virtual keyboard for text input. In addition to touchscreen devices, Google has
further developed Android TV for televisions, Android Auto for cars, and Android
Wear for wrist watches, each with a specialized user interface. Variants of Android
are also used on notebooks, game consoles, digital cameras, and other electronics.

• Android SDK Tools
The Android software development kit (SDK) includes a comprehensive set of
development tools. These include a debugger, libraries, a handset emulator based on
QEMU, documentation, sample code, and tutorials. Currently supported development
platforms include computers running Linux (any modern desktop Linux
distribution), Mac OS X 10.5.8 or later, and Windows XP or later. As of March
2015, the SDK is not available on Android itself, but software development is
possible by using specialized Android applications.

• Java
Java is a programming language. It was first developed by James Gosling at Sun
Microsystems, which is now a part of Oracle Corporation. It was released in 1995
as a part of Sun Microsystems Java platform. The language has developed much
of its syntax from C and C++. Java applications are usually compiled to bytecode
class files that can run on any Java Virtual Machine (JVM). Java is currently one of
the most popular programming languages being used. It has about 10 million users.

• NetBeans 8.2
NetBeans is a software development platform written in Java. The NetBeans Platform
allows applications to be developed from a set of modular software components
called modules. Applications based on the NetBeans Platform, including the NetBeans
integrated development environment (IDE), can be extended by third party
developers. The NetBeans IDE is primarily intended for development in Java, but
also supports other languages, in particular PHP, C/C++ and HTML5. NetBeans
is cross-platform and runs on Microsoft Windows, Mac OS X, Linux, Solaris and
other platforms supporting a compatible JVM.

The project belongs to the field of Android applications, and it can be used for
protection and security purposes.

2.2 Technical Keywords


1. Android security.
2. Malware detection.
3. Characterization.
4. Deep learning.
5. Association rules mining.



CHAPTER 3

INTRODUCTION

3.1 Need
Android markets, such as the Google Play Store and other third-party markets, play
an important role in the popularity of Android devices. However, the openness of Android
makes these markets hot targets for malware attacks and causes infinite instances of
malware to be hidden behind a large number of benign apps, which seriously threatens
users' security and privacy.
Today, the main defense against malware on Android platforms
is a risk communication mechanism that informs users about the permissions required
before installing each app. This mechanism is rather ineffective, as it presents permissions
in a stand-alone fashion, thus requiring too much technical knowledge for a user to be
able to differentiate malware from benign apps. A better characterization of Android
malware would achieve better accuracy in its detection. Deep learning is a new area
of machine learning research that imitates the way the human brain works and has
gained increasing attention in the field of artificial intelligence.
We first extract a total of 192 features from static and dynamic app analysis and
then apply the deep learning technique to distinguish malware from benign apps.

3.2 Basic concepts


Smartphones and mobile tablets are quickly becoming indispensable in daily life.
Android has been the most popular mobile operating system since 2012. However, due to
the open nature of Android, countless malware samples are hidden among a large number of
benign apps in Android markets, which severely threatens Android security. Deep learning
is a new area of machine learning research that has gained increasing attention in
artificial intelligence. In this study, we propose to associate the features from static
analysis with features from dynamic analysis of Android apps and characterize malware
using deep learning methods. We apply an online deep-learning-based Android malware
detection engine (DroidDetector) that can automatically detect whether an app is malware
or not. With a number of Android apps, we thoroughly test DroidDetector and perform an
in-depth analysis of the features that deep learning essentially exploits to characterize
malware. The results show that deep learning is appropriate for characterizing Android
malware and is especially effective with the availability of more training data.
DroidDetector can attain 96.76 detection accuracy, which outperforms traditional machine
learning methods. An evaluation of ten popular anti-virus software products demonstrates
the urgency of advancing our capabilities in Android malware detection.

Figure 3.1: Android Malware Detection.

In this project, our contributions include the following. We describe our development
of a deep-learning-based Android malware detection engine (DroidDetector) that has been
put online for user testing and can automatically detect whether an app is malware or
not. We crawl 20000 apps from the Google Play Store and collect 1760 malware samples from
the well-known Contagio Community and Genome Project. With these real-world apps,
we thoroughly test DroidDetector and perform an in-depth analysis of the features that
deep learning essentially exploits to characterize malware, using association rule mining
techniques. We conduct experiments on ten popular anti-virus software products and reveal
that they are extremely vulnerable to packet operation. In the light of our analyses, we
conclude that deep learning is a promising technique for Android malware detection.


Figure 3.2: Android Dialog Box.

To systematically characterize Android apps, we conduct static and dynamic analyses
to extract features from each app. We associate the features from static analysis with
those from dynamic analysis, which can then better characterize Android malware.
• Static Analysis:
In the static phase, we uncompress the .apk file with the 7-Zip tool and then focus
on parsing the two files AndroidManifest.xml and classes.dex. By analyzing the
AndroidManifest.xml file with the tool AXMLPrinter2 and the parser TinyXml, we can
find the permissions required by the app. For example, android.permission.CALL_PHONE
is the permission required for an app to make a phone call, and android.permission.CAMERA
is the permission required for an app to access the camera. In this step, we look for a
total of 120 permissions. By parsing the classes.dex file with the disassembler baksmali,
we learn which API functions are called. For example, chmod is a sensitive API that
might be used for changing users' permissions on files, and ContentResolver.delete is
a sensitive API that might be used for deleting user messages or contacts. In this
step, we look for a total of 59 sensitive API functions.
• Dynamic Analysis:
In the dynamic phase, we install and run each app in DroidBox. DroidBox is an
Android application sandbox that extends TaintDroid, which can execute a dynamic
taint analysis with system hooking at the application framework level and
monitor a variety of app actions such as information leaks, network and file
input/output, cryptography operations, Short Message Services (SMS), and mobile
phone calls. In this study, we ran the apps inside DroidBox for a time period
to obtain the executed app actions (i.e., dynamic behaviors) of each app. In this
phase, we monitored a total of 13 app actions. For example, action send net is the
action that sends data over the network, action phone calls is the action that makes a
phone call, and action send sms is the action that sends SMS messages. In this way,
we obtain a total of 192 features for each app through static and dynamic analyses.

• Deep learning:
Deep learning models with a deep architecture change that condition. In practical
use, a deep learning model can be constructed with different deep architectures,
e.g., Deep Belief Networks (DBN) and property neural networks. For this paper, we
chose the DBN architecture to build our deep learning model and characterize Android
apps. The construction of a deep learning model has two phases: the unsupervised
pre-training phase and the supervised back-propagation phase.
• DBN:
The DBN is hierarchically built by stacking a number of Restricted Boltzmann
Machines (RBM), with the deep neural network regarded as a latent variable model,
which is beneficial for gradually evolving high-level representations. In the
back-propagation phase, the pre-trained DBN is fine-tuned with labeled samples in a
supervised manner. The deep learning model uses the same app set in both phases
of the training process.
• DroidDetector:
We implemented the Android malware detection engine DroidDetector based on
the deep learning model, as shown in Fig. DroidDetector has been put online for
user testing and can automatically detect whether a submitted app is malware or
not. Once the .apk file of an app is submitted, DroidDetector checks its integrity
and determines whether it is a complete, correct, and legitimate Android
application. Next, DroidDetector executes a static analysis to obtain the permissions and
sensitive APIs that are used by this app. Then, DroidDetector executes a dynamic
analysis by installing and running this app in DroidBox for a fixed period of time. In
this way, DroidDetector identifies the dynamic behaviors that are being performed.

Figure 3.3: Deep learning model constructed with DBN.

• Malware:
Android malware is malicious software that is specifically built to attack mobile
phone or smartphone systems. These types of malware rely on exploits of particular
operating systems (OS) and mobile phone software technology, and represent an
important part of malware attacks in today's computing world, where mobile phones
are increasingly common.
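
The static and dynamic phases described above both end in one binary feature vector per app. The following added example (not the project's own code) builds that vector from decoded tool output; the permission, API and action lists are short constructed subsets of the report's 120 permissions, 59 sensitive APIs and 13 app actions, the underscore spelling of the action names is an assumption, and the manifest, smali and action inputs are constructed samples standing in for AXMLPrinter2, baksmali and DroidBox output.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed subsets (assumption): the report's full lists of 120 permissions,
# 59 sensitive APIs and 13 app actions are not reproduced on the page.
PERMISSIONS = [
    "android.permission.CALL_PHONE",
    "android.permission.CAMERA",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
]
# Sensitive APIs are matched on smali instructions as baksmali prints them.
SENSITIVE_APIS = {
    "ContentResolver.delete":
        re.compile(r"^invoke-\S+ .*Landroid/content/ContentResolver;->delete\("),
    "SmsManager.sendTextMessage":
        re.compile(r"^invoke-\S+ .*Landroid/telephony/SmsManager;->sendTextMessage\("),
    # chmod is normally reached through a shell command string, not a Java method.
    "chmod": re.compile(r'^const-string(?:/jumbo)?\s+\w+,\s*"[^"]*\bchmod\b'),
}
# Assumed spellings of the DroidBox-derived action names mentioned in the text.
ACTIONS = ["action_sendnet", "action_phonecalls", "action_sendsms"]

FEATURE_NAMES = PERMISSIONS + list(SENSITIVE_APIS) + ACTIONS


def manifest_permissions(manifest_xml):
    """Return the set of permissions requested by <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for elem in root.iter("uses-permission"):
        name = elem.get(ANDROID_NS + "name")
        if name:
            requested.add(name.strip())
    return requested


def smali_api_hits(smali_text):
    """Return the names of sensitive APIs referenced by real instructions."""
    hits = set()
    for raw in smali_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blank lines and comments
            continue
        for name, pattern in SENSITIVE_APIS.items():
            if pattern.search(line):
                hits.add(name)
    return hits


def feature_vector(manifest_xml, smali_text, observed_actions):
    """Binary vector ordered as permissions, sensitive APIs, dynamic actions."""
    perms = manifest_permissions(manifest_xml)
    apis = smali_api_hits(smali_text)
    actions = set(observed_actions)
    return ([int(p in perms) for p in PERMISSIONS]
            + [int(a in apis) for a in SENSITIVE_APIS]
            + [int(a in actions) for a in ACTIONS])


# Constructed sample inputs standing in for decoded tool output.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="com.example.sample.CUSTOM"/>
  <application android:label="Sample"/>
</manifest>"""

SAMPLE_SMALI = """
.method public cleanup()V
    # invoke-virtual {v0}, Landroid/telephony/SmsManager;->sendTextMessage(...)V
    const-string v1, "chmod 644 /data/data/com.example.sample/files/cfg"
    invoke-virtual {v0, v2, v3, v4}, Landroid/content/ContentResolver;->delete(Landroid/net/Uri;Ljava/lang/String;[Ljava/lang/String;)I
.end method
"""

SAMPLE_ACTIONS = ["action_sendsms", "action_sendnet", "action_sendsms"]

if __name__ == "__main__":
    vec = feature_vector(SAMPLE_MANIFEST, SAMPLE_SMALI, SAMPLE_ACTIONS)
    for name, bit in zip(FEATURE_NAMES, vec):
        print(bit, name)
```

With the report's complete lists in place of the subsets, the same ordering yields the 120 + 59 + 13 = 192 features per app. Duplicate and unknown permissions, and API names that appear only in smali comments, do not set a bit.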



CHAPTER 4

PROBLEM DEFINITION AND SCOPE



4.1 Problem Statement


We implemented the Android malware detection engine DroidDetector based on
the deep learning model. DroidDetector has been put online for user testing and can
automatically detect whether a submitted app is malware or not. Once the .apk file of
an app is submitted, DroidDetector checks its integrity and determines whether it is a
complete, correct, and legitimate Android application.
To systematically characterize Android apps (i.e., both malware and benign apps),
we conduct static and dynamic analyses to extract features from each app. All the
features fall under one of three types: required permissions, sensitive APIs, and dynamic
behaviors. Specifically, all we need is the installation file (i.e., the .apk file) of
each Android app.

4.1.1 Description Of Problem


We plan to associate the features from static analysis with features from dynamic
analysis of Android apps and describe malware using deep learning techniques.
We implement an online deep-learning-based Android malware detection engine that can
automatically detect whether an app is malware or not. With thousands of Android apps,
we carefully test DroidDetector and perform an in-depth analysis of the features that
deep learning essentially utilizes to describe malware. The outcome shows that deep
learning is suitable for characterizing Android malware and is mainly useful with the
availability of more training data. DroidDetector can achieve 96.76 detection accuracy,
which outperforms traditional machine learning techniques. An evaluation of ten popular
anti-virus software products demonstrates the need to advance our capabilities in Android
malware detection.

4.1.2 Goals and Objective


• In this project our goal is to provide protection to Android mobile phones from
malware apps by implementing the following:
1. Registration:
After registration, a validation activity is performed, in which we check
whether the user is valid or not.
2. Authentication:
The authentication activity authenticates the legitimate user and protects
them from malicious users. This activity takes place when the user enters the login
details. We authenticate the user by matching the entered ID
and password with the ID and password saved in the database.
3. Sample Database:
The sample database contains password, user name, and account details.
4. Static Analysis:
Required permissions and sensitive APIs are extracted through
static analysis, which is used to characterize Android malware and extract
features from each app.
5. Dynamic Analysis:
Features are extracted through dynamic analysis of Android apps, and the deep
learning technique is then applied to learn the difference between malware and
benign apps automatically.
6. Deep learning:
Deep learning is a capable technique for Android malware detection. The deep learning
model has two phases: the unsupervised pre-training phase and the supervised
back-propagation phase.
7. DBN:
The DBN is hierarchically built by stacking a number of Restricted Boltzmann
Machines (RBM), which is beneficial for gradually evolving high-level representations.
The pre-trained DBN is fine-tuned with labeled samples in a supervised manner.
8. DroidDetector:
DroidDetector has been put online for user testing and can automatically identify
whether a submitted app is malware or not. Once the .apk file of an app is
submitted, DroidDetector checks its integrity and determines whether it is a complete,
correct, and legitimate Android application.
9. Malware:
Android malware is malicious software that is specifically built to attack mobile
phone or smartphone systems. These types of malware rely on exploits of particular
operating systems (OS) and mobile phone software technology, and represent an
important part of malware attacks in today's computing world, where mobile phones
are increasingly common.


4.1.3 Statement Of Scope


The proposed approach explores the possibility of fusing images from distinct fingers
at the image level and determining how this will affect authentication performance. The
proposed approach could be used to mix the prints of the thumb and the index fingers
of a single individual, or index fingers of two different individuals in order to generate a
new fingerprint. Therefore, the concept of fingerprint could be utilized in a multi finger
authentication system. This has benefits in terms of storage and security.
Function declaration

F1-Node 1: RBM Initialization


F2-Node 2: CD-K Sampling.
F3-Node 3: Updating Parameters.
F4-Node 4: RBM Assessment.
F5-Node 5: Back propagation for fine-tuning.
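
Nodes F1 to F4 above are the steps of training one restricted Boltzmann machine with contrastive divergence, and stacking such machines layer by layer gives the unsupervised pre-training of a DBN. The following added example (not the project's own code) implements those four nodes in pure Python on constructed 8-bit feature vectors; the layer sizes, learning rate, epoch count and seed are assumptions, and the supervised back-propagation step (F5) is not included.

```python
import math
import random


def sigmoid(x):
    x = max(-60.0, min(60.0, x))  # clamp to keep math.exp in range
    return 1.0 / (1.0 + math.exp(-x))


class RBM:
    """Binary restricted Boltzmann machine trained with contrastive divergence."""

    def __init__(self, n_visible, n_hidden, rng):
        # F1: RBM initialization with small random weights and zero biases.
        self.nv, self.nh, self.rng = n_visible, n_hidden, rng
        self.W = [[rng.gauss(0.0, 0.01) for _ in range(n_hidden)]
                  for _ in range(n_visible)]
        self.b = [0.0] * n_visible  # visible biases
        self.c = [0.0] * n_hidden   # hidden biases

    def hidden_probs(self, v):
        return [sigmoid(self.c[j] + sum(v[i] * self.W[i][j] for i in range(self.nv)))
                for j in range(self.nh)]

    def visible_probs(self, h):
        return [sigmoid(self.b[i] + sum(h[j] * self.W[i][j] for j in range(self.nh)))
                for i in range(self.nv)]

    def _sample(self, probs):
        return [1.0 if self.rng.random() < p else 0.0 for p in probs]

    def cd_k(self, v0, k=1):
        # F2: CD-k sampling, k Gibbs steps starting from the data vector v0 (k >= 1).
        ph0 = self.hidden_probs(v0)
        h = self._sample(ph0)
        for _ in range(k):
            vk = self._sample(self.visible_probs(h))
            phk = self.hidden_probs(vk)
            h = self._sample(phk)
        return ph0, vk, phk

    def update(self, v0, lr=0.1, k=1):
        # F3: move parameters toward the data statistics, away from the model's.
        ph0, vk, phk = self.cd_k(v0, k)
        for i in range(self.nv):
            for j in range(self.nh):
                self.W[i][j] += lr * (v0[i] * ph0[j] - vk[i] * phk[j])
            self.b[i] += lr * (v0[i] - vk[i])
        for j in range(self.nh):
            self.c[j] += lr * (ph0[j] - phk[j])

    def reconstruction_error(self, data):
        # F4: RBM assessment by mean squared error of the mean-field reconstruction.
        total = 0.0
        for v in data:
            recon = self.visible_probs(self.hidden_probs(v))
            total += sum((a - r) ** 2 for a, r in zip(v, recon))
        return total / (len(data) * self.nv)


def pretrain_dbn(data, hidden_sizes, epochs=200, lr=0.1, k=1, seed=7):
    """Greedy layer-wise pre-training: each RBM learns from the layer below.

    Returns the trained layers and, per layer, (error_before, error_after).
    """
    rng = random.Random(seed)
    layers, report = [], []
    layer_input = [[float(x) for x in v] for v in data]
    for n_hidden in hidden_sizes:
        rbm = RBM(len(layer_input[0]), n_hidden, rng)
        before = rbm.reconstruction_error(layer_input)
        for _ in range(epochs):
            for v in layer_input:
                rbm.update(v, lr, k)
        report.append((before, rbm.reconstruction_error(layer_input)))
        layers.append(rbm)
        # Hidden activations of this layer become the next layer's training data.
        layer_input = [rbm.hidden_probs(v) for v in layer_input]
    return layers, report


# Constructed, unlabelled 8-bit feature vectors with two recurring patterns.
SAMPLE_FEATURES = [
    [1, 1, 1, 1, 0, 0, 0, 0],
    [1, 1, 1, 1, 0, 0, 0, 0],
    [1, 1, 0, 0, 1, 1, 0, 0],
    [1, 1, 0, 0, 1, 1, 0, 0],
]

if __name__ == "__main__":
    _, errors = pretrain_dbn(SAMPLE_FEATURES, [4, 2])
    for depth, (before, after) in enumerate(errors, start=1):
        print("layer", depth, "error before", round(before, 4), "after", round(after, 4))
```

No labels are used anywhere in this phase; the labelled samples only enter at the fine-tuning step that follows pre-training.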

Functional Dependency in table format:

Table 4.1 Functional matrix

4.1.4 Software Context


The application we are developing is going to be useful in the Android market and to
Android mobile users. It also prevents attacks from malware and provides security to the
mobile user against unauthorized access and permissions.

4.2 Major Constraints


1. PRIM protocol
2. Malware
3. Benign app
4. Malicious apps

4.3 Methodologies Of Problem Solving And Efficiency Issues

Table 4.2 Methodology


4.4 Outcome
The Output from the computer is required to mainly create an efficient method of
communication within the company primarily among the project leader and his team
members, in other words, the administrator and the clients. The output of VPN is the
system which allows the project leader to manage his clients in terms of creating new
clients and assigning new projects to them, maintaining a record of the project validity
and providing folder level access to each client on the user side depending on the projects
allotted to him. After completion of a project, a new project may be assigned to the
client. User authentication procedures are maintained at the initial stages itself. A new
user may be created by the administrator himself or a user can himself register as a
new user but the task of assigning projects and validating a new user rests with the
administrator only.
The application starts running when it is executed for the first time. The server
has to be started and then Internet Explorer is used as the browser. The project
will run on the local area network so the server machine will serve as the administra-
tor while the other connected systems can act as the clients. The developed system is
highly user friendly and can be easily understood by anyone using it even for the first time.

4.5 Applications
The application that will be developed is going to be useful to the police force. We
could say that the intended audience for the application are the various types of police
forces.
• It provides security to mobile users.
• Security of the Android platform.
• Android markets and smartphones.
• It is also used for business as well as commercial purposes.


4.6 Hardware Requirement:

Table 4.3 Hardware Requirement

4.7 Software requirement

Table 4.4 Software Requirement


4.8 Operating Environment:


• Web Browser
• Xampp Server
• Android device
• Java

4.9 Development Environment:


• Android Studio
• NetBeans 8.2
• JDBC
• ODBC
• JAVA

4.10 Testing Environment:


OS: Windows operating system
RAM: 512MB min



CHAPTER 5

PROJECT PLAN

5.1 Project Estimates

5.1.1 Waterfall Model

Figure 5.1 Waterfall Model

The Waterfall Model is also called the Linear Sequential Life Cycle Model. This model
is followed in sequential order, and so we move to the next step of software development.


• Requirements
This is the first phase of development, in which all requirements are gathered
and documented. Requirements are:
- Android device.
- Google PlayStore.

• System Models
In the system design and analysis phase, all gathered requirements are analyzed to
determine whether they are valid or not.
- Deep learning model
- Machine learning model
- Automatic static analysis
- Automatic dynamic analysis
- Crawler

• Implementation
In the implementation phase all development work is performed and the developed
components are handed over to testing. Implementation consists of:
- UML Diagrams
- DFD Level 0
- DFD Level 1
- DFD Level 2

• Testing
Once development is completed, the testing phase starts. In this phase we test
each unit and also make sure that the developed components are working as
expected.
- Black box and White box testing.
- GUI testing.
- Validation testing.
- Scenario based testing.

• Verification
Once testing is completed and we have made sure that there are no bugs or issues, the
project is deployed.
- Customers feedback.
- Customers satisfaction.

• Maintenance
In the maintenance phase we maintain the developed software product.
- Hand manual.
- User Guide.

5.2 Reconciled Estimates


Cost Estimate

It is the most frequently used technique for evaluating the effectiveness of the
proposed system, more commonly known as cost/benefit analysis. It determines the benefits
and savings that are expected from the proposed system and compares them with costs. The
system is economically feasible since it would not entail additional hardware, thereby
saving on costs and the manpower involved.
In the economic feasibility study we do some calculations as follows.
- To calculate the effort, time and KLOC we use COCOMO, i.e. the Cost Constructing
Model.
- Types of COCOMO:
1. For beginners (design phase)
2. COCOMO 1.2 (coding phase)
3. COCOMO 2.0 (after completing all phases)
We develop software of the organic category. For this category COCOMO provides the following:

1. Estimation of Development Effort:

Organic Effort: 2.4 * (10)^1.05 = 26 PM

2. Estimation of Development Time:

Organic Tdev: 2.5 * (26)^0.38 = 8 Months

3. Cost required to develop the Project:

Organic cost: 8 * 600 = 4800

5.2.1 Project Resources


• People - End Customer/user (Android mobile user)
• Hardware - No hardware resources required.
• Software - A software interface is required for application connection: Android
Studio 2.2, which offers features such as the new Layout Editor that
makes creating an app user interface quick and intuitive.
• Tools - Web tools (JavaScript, PHP, Android)

5.3 Risk Management w.r.t. NP Hard Analysis


There are a lot of programs that don't run in polynomial time on a regular computer
but do run in polynomial time on a non-deterministic Turing machine. These programs
solve problems in NP, which stands for Non-deterministic Polynomial time. If a problem
is NP-hard, this means any problem in NP can be reduced to that problem. This means that
if I can solve that problem, I can easily solve any problem in NP. NP-hard
(non-deterministic polynomial-time hard), in computational complexity theory, is a class
which includes problems that are, informally, at least as hard as the hardest problems in NP.
If there is an NP-complete problem P that is polynomial-time Turing-reducible to H (i.e.,
P ≤T H), then the problem H is NP-hard. In other words, P can be solved in polynomial
time by an oracle machine with an oracle for H. Informally, we are thinking about
an algorithm that can call such an oracle machine as a subroutine for solving H and that
solves P in polynomial time if each subroutine call takes only one step to compute.
NP-hard problems may be of any type: search problems, decision problems, or optimization
problems.
If solving a problem in polynomial time would make it possible to solve all problems
in class NP in polynomial time, then the problem is NP-hard. Some NP-hard problems
are not in NP; those that are in NP are called NP-complete.


5.3.1 Risk Identification


Project Risk Management includes the processes of conducting risk management
planning, identification, analysis, response planning, and controlling risk on a project.
The objectives of project risk management are to increase the likelihood and impact of
positive events, and decrease the likelihood and impact of negative events in the project.
Project Risk identification is the most important process in the Risk Management
Planning. Risk Identification determines which risks might affect the project and docu-
ments their characteristics. However, we should not spend too much time in identifying
risks. After the list is made, qualitative and quantitative analysis is done to figure out
which risks you spend time and/or money on.
In our project the requirements of the end user are fully understood, which minimizes
the risk. The development team is skilled and has appropriate knowledge of the tools
which we are using to develop the software.
Each team member is equally involved in the development of the project at each stage.
The number of people required for development is sufficient.
The requirements gathered are constant or stable, which minimizes the risk of developing
an inaccurate project.


5.3.2 Risk Analysis

Table 5.1 Risk Description

Table 5.2 Probability

Table 5.3 Impact


5.3.3 Overview Of Risk Mitigation,Monitoring,Management

Table 5.4 Risk Mitigation,Monitoring,Management


Table 5.5 Risk Mitigation,Monitoring,Management


5.3.4 Project Schedule


Terminologies used for designing:
• Create Account on Google Play-Store
• Upload Malware Apps.
• Malware free Apps.
• Download the app.
• Characterize App
• Detection


5.3.5 Timeline Chart

Table 5.6 TimeLine Table for Project


5.3.6 Task Network

Figure 5.2 Task Network


5.4 Team Organization

5.4.1 Management Reporting And Communication


Communications Management Software might be a new concept to some of you, but you
might be surprised to learn it’s actually been around for decades. The simple fact is that
most businesses don’t explore it completely, and so there are many benefits of this great
application that never get used.
In the past, Communications Management Software has generally been used to just
allocate outgoing telephone call costs across departments, or as a means to confirm a
phone bill is correct at the end of the month. Whilst these are all certainly valuable
assets, there are many different ways that the software can benefit all business functions,
automatically, and daily.
Today Communications Management Software can provide substantial benefits for
your business, regardless of its size or industry sector, and should be an essential element
of every organisation’s communications set-up, to ensure equipment and lines are
being used effectively, usage is improved and costs are reduced.


5.4.2 Team Structure

Table 5.7 Team Structure


Table 5.8 Management Report



CHAPTER 6

SOFTWARE REQUIREMENT
SPECIFICATION

6.1 Introduction
A software requirements specification (SRS) is a description of a software system to
be developed, laying out functional and non-functional requirements, and may include a
set of use cases that describe interactions the users will have with the software.
To validate the ability of the deep learning model to detect Android malware and
make an in-depth analysis of the features that deep learning essentially exploits to
characterize malware, we conducted experiments on three public app sets. One benign app set
was randomly crawled from the Google Play Store and contains a large-scale set of 20000
apps. Although there might be a few malicious apps hidden among them, we regard all
of them as benign apps. Another two malicious app sets were respectively collected from
the Contagio Community (there are only about 400 apps at present; as we have accumulated
for two years, 500 malicious apps are collected) and the Genome Project (including 1260
malicious apps). So, the total number of malicious apps is 1760, while there are 20000
benign apps.

6.1.1 Purpose And Scope of Document

Product perspective

Android markets, such as the Google Play Store and other third-party markets,
play an important role in the popularity of Android devices. However, the closeness of
Android makes these markets hot targets for malware attacks and causes infinite instances
of malware being hidden behind a large number of benign apps, which seriously threatens
users’ security and privacy.
Today, the main countermeasure to defend against malware on Android platforms is a
risk communication mechanism that informs users about the permissions required before
installing each app. This mechanism is rather ineffective, as it presents permissions in
a stand-alone fashion, thus requiring too much technical knowledge for a user to be
able to differentiate malware from benign apps. A better characterization of Android
malware would achieve better accuracy in its detection. Deep learning is a new area
of machine learning investigation that imitates the way the human brain works and has
gained increasing attention in the field of artificial intelligence.
We first extracted a total of 192 features from static and dynamic app analysis and then
applied the deep learning technique to distinguish malware from benign apps.

6.1.2 Overview Of Responsibilities Of Developer


The developer needs to design a system that can extract the minutiae set from the
scanned fingerprint image. It is the job of the developer to design a
system that can store both the minutiae set and the image. The developer must take care
that the reconstructed fingerprint image is accurate with respect to the original image.

6.2 Usage Scenario


This use case scenario considers the goal of publishing a short story. It breaks down
the process of book publishing by describing the actors, the typical work flow in the main
success story, and the things that could go wrong, called Extensions. When managing
projects that use UML conventions, there can be a temptation to jump straight into the
use case diagram, with stick figures, ovals, and lots of lines. But if we don’t know our
goals and who’s involved, take a step back and write our goals down in prose.

6.2.1 User Profiles


The profiles of all user categories are described here. Actors and their Description.

6.2.2 Use-cases
A use-case diagram shows a set of use cases and actors and their relationships. These
diagrams are used to show the static use-case view of a system. Use-case diagrams are
important in developing the behavior of the system.
The use-case diagram describes the user actions Online submitted app and App integrity
checking. Dynamic Analysis takes the Android APK, DroidBox sandbox and Dynamic behavior
actions. Then static analysis 1 takes the Required permission(), Readable file() and
AndroidManifest.xml() actions, and static analysis 2 takes the Sensitive API(),
Disassembled files() and classes.dex() actions. Then the crawlers pass newly crawled
malware to static analysis. Then the Deep learning Pre-trained() and Back propagation for
fine-tuning() actions take place and check whether the app is malware or not. Then the DBN
performs the RBM initialization(), CD-k Sampling(), Updating parameter() and
RBM Assessment() functions.


Figure 6.1 Use-Case Diagram

6.3 Functional Model And Description

6.3.1 Data Flow Diagram


This use case scenario considers the goal of publishing a short story. It breaks down
the process of book publishing by describing the actors, the typical work flow in the
main success story, and the things that could go wrong, called Extensions. When man-
aging projects that use UML conventions, there can be a temptation to jump straight
into the use case diagram, with stick figures, ovals, and lots of lines. But if you don’t
know your goals and who’s involved, take a step back and write your goals down in prose.


6.3.2 DFD Level-0:

Figure 6.2 DFD Level-0

The DFD Level-0 above shows that the user uses Deep Belief Networks (DBN) as the
graphical model, implemented together with Static Analysis and Dynamic Analysis.


6.3.3 DFD Level-1:

Figure 6.3 DFD Level-1

The DFD Level-1 above shows that in Static Analysis the AndroidManifest.xml and classes
files are parsed: the required permissions are obtained, and the files can be read and
modified in their readable form. From the disassembled files we can tell which sensitive
API functions are called. In Dynamic Analysis we install and run each app using DroidBox,
and the dynamic behavior gives the executed actions of the app. The Deep Belief Network
(DBN) first initializes the Restricted Boltzmann Machines (RBM), trains them with
Contrastive Divergence (CD-k) sampling, generates the updated parameters, and performs
the RBM Communications Assessment.


6.3.4 DFD Level-2:

Figure 6.4 DFD Level-2

The DFD Level-2 above shows that in Static Analysis the AndroidManifest.xml and classes
files are parsed: the required permissions are obtained, and the files can be read and
modified in their readable form. From the disassembled files we can tell which sensitive
API functions are called. Crawler 1 and Crawler 2 provide newly crawled malware and Google
Play Store apps for Android app malware detection. In Dynamic Analysis we install and
run each app using DroidBox, and the dynamic behavior gives the executed actions of the
app. Crawler 1 and Crawler 2 check the positive feature set and the negative feature set.
Control then goes to the deep learning model: the Deep Belief Network (DBN) first
initializes the Restricted Boltzmann Machines (RBM), trains them with Contrastive
Divergence (CD-k) sampling, generates the updated parameters, and performs the RBM
Communications Assessment.

6.3.5 Sequence Diagram


Sequence diagrams are very useful in summarizing instances within distributed system
components and are often useful in testing. Sequence diagrams are also called
interaction diagrams. Sequence diagrams focus on visualizing the summarization of
responsibility.
A sequence diagram is an interaction diagram that shows how objects operate with
one another and in what order. It is a construct of a message sequence chart. A sequence
diagram shows object interactions arranged in time sequence. The diagram shows that
the user first submits an app online, followed by App integrity checking.
The sequence then goes to Automatic Static Analysis 1, which performs self-operations on
AndroidManifest.xml, Readable file and Required permission. Static Analysis 2 performs
self-operations on classes.dex, Disassembled files and Sensitive API. Crawler 1 and Crawler
2 provide newly crawled malware and Google Play Store apps for Android app malware
detection. The sequence then goes to Automatic Dynamic Analysis, which performs
self-operations on Android APK, DroidBox sandbox and Dynamic behavior.
Crawler 1 and Crawler 2 check the positive feature set and the negative feature set. The
deep learning model uses the pre-trained DBN and performs the operations Restricted
Boltzmann Machines (RBM), training with Contrastive Divergence (CD-k) sampling,
generating the updated parameters, and the RBM Communications Assessment. Back-propagation
then fine-tunes the deep learning model, which detects whether the app is malware or not.


Figure 6.5 Sequence Diagram


6.4 Class Diagram


The class diagram is a type of static structure diagram that describes the structure
of the system by showing the system’s classes, their attributes, operations and methods,
and the relationships among the objects.

Figure 6.6 Class Diagram

The class diagram describes the structure of the system. It shows the User class, which
performs the Automatic static analysis(), Automatic dynamic analysis(), Deep learning
model(), Online submitted app() and App integrity checking() functions. Static analysis
1 performs Required permission(), Readable file() and AndroidManifest.xml(), and static
analysis 2 performs the Sensitive API(), Disassembled files() and classes.dex() functions.
After that, Dynamic analysis performs Android APK(), DroidBox sandbox() and Dynamic
behavior(). Then Deep learning performs Pre-trained() and Back propagation for fine-tuning().
Then the DBN performs the RBM initialization(), CD-k Sampling(), Updating parameter() and
RBM Assessment() functions.

6.5 Component Diagram


The component diagram shows a set of components and their relationships. It shows
the dependencies between the set of components. Component diagrams are useful for
developing the static implementation of a system.

Figure 6.7 Component Diagram

The component diagram above shows the functionalities of User, Static Analysis
1, Static Analysis 2, Dynamic Analysis, Deep Learning, Deep Belief Networks (DBN),
Crawler 1 and Crawler 2.


6.6 Non functional requirement


• Security: Every time that you download a normal program, you are risking
a viral infection. Prior to Java, most users did not download executable programs
frequently, and those who did scanned them for viruses prior to execution. Most
users still worried about the possibility of infecting their systems with a virus. In
addition, another type of malicious program exists that must be guarded against.
This type of program can gather private information, such as credit card numbers,
bank account balances, and passwords. Java answers both these concerns by
providing a firewall between a network application and your computer. When you use
a Java-compatible Web browser, you can safely download Java applets without fear
of virus infection or malicious intent.

• Portability: For programs to be dynamically downloaded to all the various types
of platforms connected to the Internet, some means of generating portable
executable code is needed. As you will see, the same mechanism that helps ensure
security also helps create portability. Indeed, Java’s solution to these two problems
is both elegant and efficient.

• Simple: Java was designed to be easy for the professional programmer to learn and
to use effectively. If you are an experienced C++ programmer, learning Java will
be even easier, because Java inherits the C/C++ syntax and many of the
object-oriented features of C++. Most of the confusing concepts from C++ are either left
out of Java or implemented in a cleaner, more approachable manner. In Java there
are a small number of clearly defined ways to accomplish a given task.

• Object-Oriented: Java was not designed to be source-code compatible with any
other language. This allowed the Java team the freedom to design with a blank
slate. One outcome of this was a clean, usable, pragmatic approach to objects. The
object model in Java is simple and easy to extend, while simple types, such as
integers, are kept as high-performance non-objects.

• Robust: The multi-platform environment of the Web places extraordinary
demands on a program, because the program must execute reliably in a variety of
systems. The ability to create robust programs was given a high priority in the
design of Java. Java is a strictly typed language; it checks your code at compile time
and run time. Java virtually eliminates the problems of memory management and
deallocation, which is completely automatic. In a well-written Java program, all
run time errors can and should be managed by your program.

6.7 Design Constraint


• End User
In this module, User has to register and get authorized by the admin to login, and
then the user will upload the documents with the digital sign, and share the up-
loaded file to other users. The user will search for documents by giving the keyword
based on the contents, and downloads the related documents. The user will also
verify the uploaded documents from the data integrity attacker and recover if it is
not safe (attacked).

• Admin
Admin will authorize Users and view the documents uploaded. Admin will scan for
droid (malware) documents and send the alert to corresponding users and show the
ratio of droid affected files and the total files. Admin can view all the transactions
and the attackers for corresponding files. And also admin can block the user who
spreads the droid documents. Admin views the number of droid affected documents
and droid free documents in chart.


6.8 Software interface design

Figure 6.8 Registration


Figure 6.9 Register Username and Password


Figure 6.10 Click Checkbox


Figure 6.11 Register E-mail


Figure 6.12 Verification of Username and password



CHAPTER 7

DESIGN

Figure 7.1 Existing architecture

7.1 Existing System


Android markets, such as the Google Play Store and other third-party markets, play
an important role in the popularity of Android devices. However, the openness of
Android makes these markets hot targets for malware attacks and causes countless instances
of malware being hidden behind a large number of benign apps, which seriously threatens
users’ security and privacy. Moreover, a report from McAfee Labs reveals that 3.73
million pieces of mobile malware were identified in 2013, an astounding 197% increase from
the end of 2012. Consequently, an urgent need arises to develop powerful solutions for
Android malware detection. Unfortunately, the Android market currently has no such
solution. Today, the main countermeasure to defend against malware on Android
platforms is a risk communication mechanism that warns users about the permissions required
before installing each app. This mechanism is rather ineffective, as it presents permissions
in a stand-alone fashion, thus requiring too much technical knowledge for a user to be
able to differentiate malware from benign apps. Note that both a benign and a malicious
app may require the same permissions and are thus indistinguishable via this
permission-based mechanism. In general, permission-based approaches are developed primarily for
risk assessment rather than malware detection.

Disadvantages
• Malware attacks cause countless instances of malware being hidden behind a
large number of benign apps, which seriously threatens users’ security and privacy.

• The main countermeasure to defend against malware on Android platforms is a risk
communication mechanism that warns users about the permissions required before
installing each app. This mechanism is rather ineffective.


7.2 Proposed System

Figure 7.2 Proposed architecture

In the proposed system: (1) We describe our development of a deep-learning-based
Android malware detection engine (DroidDetector) that has been put online for user testing
and can automatically detect whether an app is malware or not. (2) We crawl 20 000
apps from the Google Play Store and collect 1760 malware samples from the well-known
Contagio Community and Genome Project. With these real-world apps, we thoroughly test
DroidDetector and perform an in-depth analysis of the features that deep learning
essentially exploits to characterize malware, using association rule mining techniques. (3)
We conduct experiments on ten popular anti-virus software products and reveal that they are
extremely vulnerable to repackaging attacks. In the light of our analyses, we conclude that
deep learning is a promising technique for Android malware detection.
In this system we have automated the static and dynamic analyses of DroidDetector.
Once the total of 192 binary features described have been collected, they are input into the
deep learning model for classification. The detection results, including detailed
information from the integrity check and both analyses, are then reported to the users. Since
new types of apps are constantly emerging, we designed two crawler modules for this system.
One is used for crawling benign apps from the Google Play Store and the other is used
for crawling malware from well-known malware sources (e.g., Contagio and Genome).
Using this strategy, we expect DroidDetector to keep pace with the evolution of Android
malware.

Figure 7.3 Feature extraction for an Android app.

To validate the ability of the deep learning model to detect Android malware and
make an in-depth analysis of the features that deep learning essentially exploits to
characterize malware, we conducted experiments on three public app sets. One benign
app set was randomly crawled from the Google Play Store and contains a large-scale
set of 20000 apps. Although there might be a few malicious apps hidden among them,
we regard all of them as benign apps. Another two malicious app sets were respectively
collected from the Contagio Community (there are only about 400 apps at present;
as we have accumulated for two years, 500 malicious apps are collected) and the Genome
Project (including 1260 malicious apps). So, the total number of malicious apps is 1760,
while there are 20000 benign apps.
In the static phase, we uncompress the .apk file with the 7-Zip tool and then focus
on parsing two files, AndroidManifest.xml and classes.dex. By analyzing the
AndroidManifest.xml file with the tool AXMLPrinter2 and the parser TinyXml, we can find the
permissions required by the app. For example, android.permission.CALL_PHONE is
the permission required for an app to make a phone call, and android.permission.CAMERA is
the permission required for an app to access the camera. In this step, we looked for a total
of 120 permissions. By parsing the classes.dex file with the disassembler baksmali, we know
which API functions are called. For example, chmod is a sensitive API that might be used for
changing user permissions on files, and ContentResolver.delete is a sensitive API that might
be used for deleting user messages or contacts. In this step, we looked for a total of 59
sensitive API functions.

Figure 7.4 Deep learning model constructed with DBN.

In the dynamic phase, we install and run each app in DroidBox. DroidBox is an
Android application sandbox that extends TaintDroid; it can execute a dynamic taint
analysis with system hooking at the application framework level and examine a variety
of app actions such as information leaks, network and file input/output, cryptography
operations, Short Message Service (SMS) messages, and mobile phone calls. In this paper, we
run the apps inside DroidBox for a period of time to find the executed app actions (i.e.,
dynamic behaviors) of each app. In this phase we monitored a total of 13 app actions.
For instance, action send net is the action that sends data over the network, action phone
calls is the action that makes a phone call, and action send sms is the action that sends
SMS messages. In this way, we obtain a total of 192 features for each app from the static and
dynamic analyses. An important point is that each feature is binary: when a feature
occurs in an app, its feature value is 1; otherwise, its feature value is 0.
In addition, all the tools (i.e., 7-Zip, AXMLPrinter2, TinyXml, baksmali, and DroidBox)
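
The following added example (not the project's own code) shows how the static and dynamic results described above can be turned into one binary feature vector. The three vocabularies are short constructed stand-ins for the 120 permissions, 59 sensitive APIs and 13 actions; the manifest is assumed to be already decoded to plain XML, the smali text to come from the disassembler, and the action labels are assumed names.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed, shortened vocabularies (the report uses 120 + 59 + 13 = 192
# features; the full lists are not reproduced here).
PERMISSIONS = [
    "android.permission.CALL_PHONE",
    "android.permission.CAMERA",
    "android.permission.SEND_SMS",
    "android.permission.INTERNET",
]
SENSITIVE_APIS = [
    "Landroid/content/ContentResolver;->delete",
    "Landroid/telephony/SmsManager;->sendTextMessage",
    "Ljava/lang/Runtime;->exec",
]
ACTIONS = ["action_sendnet", "action_phonecalls", "action_sendsms"]  # assumed labels
FEATURE_NAMES = PERMISSIONS + SENSITIVE_APIS + ACTIONS

# Matches smali call sites such as:
#   invoke-virtual {v0, v1}, Lpkg/Class;->method(Largs;)V
INVOKE_RE = re.compile(r"^\s*invoke-[\w/-]+\s+\{[^}]*\},\s*(L[^;]+;->[\w$<>]+)\(")


def permissions_from_manifest(manifest_xml):
    """Return the permission names requested by a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    name_attr = "{%s}name" % ANDROID_NS
    return {el.attrib[name_attr]
            for el in root.iter("uses-permission")
            if name_attr in el.attrib}


def apis_from_smali(smali_text):
    """Return 'Lclass;->method' targets of invoke-* instructions only.

    String literals that merely mention an API name are not counted.
    """
    calls = set()
    for line in smali_text.splitlines():
        match = INVOKE_RE.match(line)
        if match:
            calls.add(match.group(1))
    return calls


def build_feature_vector(manifest_xml, smali_text, observed_actions):
    """1 if the feature occurs in the app, 0 otherwise, in FEATURE_NAMES order."""
    present = (permissions_from_manifest(manifest_xml)
               | apis_from_smali(smali_text)
               | set(observed_actions))
    return [1 if name in present else 0 for name in FEATURE_NAMES]


# Constructed sample inputs for one app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application android:label="demo"/>
</manifest>"""

SAMPLE_SMALI = """.method public onCreate()V
    invoke-virtual/range {v0 .. v5}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
    invoke-static {v0, v1}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
    const-string v1, "Landroid/content/ContentResolver;->delete"
.end method"""

SAMPLE_ACTIONS = ["action_sendsms", "action_sendnet"]

if __name__ == "__main__":
    vector = build_feature_vector(SAMPLE_MANIFEST, SAMPLE_SMALI, SAMPLE_ACTIONS)
    for name, bit in zip(FEATURE_NAMES, vector):
        print(bit, name)
```

Features outside the vocabulary (here the VIBRATE permission and the Log call) are ignored, so the vector length stays fixed regardless of the app.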
In this system, we implemented the Android malware detection engine DroidDetector
based on deep learning. DroidDetector has been opened online for user testing and
can automatically detect whether a submitted app is malware or not. Once the .apk file
of an app is submitted, DroidDetector checks its integrity and determines whether it is
a complete, correct, and legitimate Android application. Next, DroidDetector executes
a static analysis to obtain the permissions and sensitive APIs that are used by this app.
Then, DroidDetector executes a dynamic analysis by installing and running this app in
DroidBox for a fixed period of time. In this way, DroidDetector identifies the dynamic
behaviors that are being performed. We have completely automated the static and dynamic
analyses of DroidDetector. Once the total of 192 binary features described in Section 2 have
been collected, they are input into the deep learning model for classification. The detection
results, including detailed information from the integrity check and both analyses, are
then reported to the users. Since new types of apps are constantly emerging, we have
designed two crawler modules. One is used for crawling benign apps from the Google
Play Store and the other is used for crawling malware from well-known malware sources
(e.g., Contagio and Genome).
Using this strategy, we expect DroidDetector to keep pace with the evolution of
Android malware.
To validate the ability of the deep learning model to detect Android malware and make
an in-depth analysis of the features that deep learning effectively utilizes to
differentiate malware, we conducted experiments on three public app
sets. One benign app set was randomly crawled from the Google Play Store and
contains a large-scale set of 20000 apps. Although there might be a few malicious apps hidden
among them, we regard all of them as benign apps. Another two malicious app sets were
respectively collected from the Contagio Community.
Traditional machine learning models that have less than three layers of computation
units are considered to have shallow architectures. Fortunately, deep learning models with
a deep architecture change that situation. In practical use, a deep learning model can be
constructed with different deep architectures e.g., Deep Belief Networks (DBN) and con-
volutional neural networks. For this study, we chose DBN architecture to construct our
deep learning model and characterize Android apps. The construction of a deep learning
model has two phases: the unsupervised pre-training phase and the supervised
back-propagation phase. In the pre-training phase, the DBN is hierarchically built by stacking
a number of Restricted Boltzmann Machines (RBM), with the deep neural network
regarded as a latent variable model, which is beneficial for gradually evolving high-level
representations. In the back-propagation phase, the pre-trained DBN is fine-tuned with
labeled samples in a supervised manner. The deep learning model uses the same app set
in both phases of the training process. In this way, the deep learning model is completely
built.
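
The sketch below is an added example (not the project's code) of the RBM steps named in the data flow diagrams: initialization, CD-k sampling, parameter update, and assessment by reconstruction error. It is pure Python on a constructed toy set of 6-bit feature vectors; the layer sizes, learning rate and epoch count are assumptions, and a DBN would stack several such RBMs on the 192-feature input before back-propagation fine-tuning.

```python
import math
import random


def sigmoid(x):
    # Numerically stable logistic function.
    if x >= 0:
        return 1.0 / (1.0 + math.exp(-x))
    e = math.exp(x)
    return e / (1.0 + e)


class RBM:
    def __init__(self, n_visible, n_hidden, seed=0):
        self.rng = random.Random(seed)
        # RBM initialization: small random weights, zero biases.
        self.w = [[self.rng.gauss(0, 0.01) for _ in range(n_hidden)]
                  for _ in range(n_visible)]
        self.b_v = [0.0] * n_visible
        self.b_h = [0.0] * n_hidden

    def p_hidden(self, v):
        return [sigmoid(self.b_h[j] + sum(v[i] * self.w[i][j] for i in range(len(v))))
                for j in range(len(self.b_h))]

    def p_visible(self, h):
        return [sigmoid(self.b_v[i] + sum(h[j] * self.w[i][j] for j in range(len(h))))
                for i in range(len(self.b_v))]

    def sample(self, probs):
        return [1 if self.rng.random() < p else 0 for p in probs]

    def cd_k(self, v0, k=1, lr=0.1):
        """One CD-k update from a single binary training vector (k >= 1)."""
        ph0 = self.p_hidden(v0)
        h = self.sample(ph0)
        for _ in range(k):                      # k steps of Gibbs sampling
            vk = self.sample(self.p_visible(h))
            phk = self.p_hidden(vk)
            h = self.sample(phk)
        # Updating parameters: data statistics minus model-sample statistics.
        for i in range(len(v0)):
            for j in range(len(ph0)):
                self.w[i][j] += lr * (v0[i] * ph0[j] - vk[i] * phk[j])
            self.b_v[i] += lr * (v0[i] - vk[i])
        for j in range(len(ph0)):
            self.b_h[j] += lr * (ph0[j] - phk[j])

    def reconstruction_error(self, data):
        """RBM assessment: mean squared error of a mean-field reconstruction."""
        total = 0.0
        for v in data:
            recon = self.p_visible(self.p_hidden(v))
            total += sum((a - b) ** 2 for a, b in zip(v, recon))
        return total / (len(data) * len(data[0]))


# Constructed toy data: two behaviour profiles over 6 binary features;
# the last feature is set in both profiles.
TOY_DATA = [[1, 1, 1, 0, 0, 1]] * 4 + [[0, 0, 0, 1, 1, 1]] * 4


def train(data, n_hidden=2, epochs=300, k=1, lr=0.1, seed=0):
    """Train one RBM; return it with the error before and after training."""
    rbm = RBM(len(data[0]), n_hidden, seed)
    before = rbm.reconstruction_error(data)
    for _ in range(epochs):
        for v in data:
            rbm.cd_k(v, k=k, lr=lr)
    return rbm, before, rbm.reconstruction_error(data)


if __name__ == "__main__":
    _, before, after = train(TOY_DATA)
    print("reconstruction error before: %.3f after: %.3f" % (before, after))
```

To stack a second RBM, feed `p_hidden(v)` of the trained layer (sampled to 0/1) as the visible data of the next one.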

7.3 Detailed Design


• Input Design
Input Design plays a vital role in the life cycle of software development, it requires
very careful attention of developers. The input design is to feed data to the appli-
cation as accurate as possible. So inputs are supposed to be designed effectively
so that the errors occurring while feeding are minimized. According to Software
Engineering Concepts, the input forms or screens are designed to provide to have
a validation control over the input limit, range and other related validations.
This system has input screens in almost all the modules. Error messages are
developed to alert the user whenever he makes a mistake and to guide him in the
right way so that invalid entries are not made. This is covered in more detail under
module design.
Input design is the process of converting user-created input into a computer-
based format. The goal of the input design is to make data entry logical and
free from errors. Errors in the input are controlled by the input design.
The application has been developed in a user-friendly manner. The forms have been
designed in such a way that during processing the cursor is placed in the position
where data must be entered. The user is also provided with an option to select an
appropriate input from various alternatives related to the field in certain cases.
Validations are required for each data item entered. Whenever a user enters erroneous
data, an error message is displayed, and the user can move on to the subsequent pages
after completing all the entries in the current page.

• Output Design
The Output from the computer is required to mainly create an efficient method
of communication within the company primarily among the project leader and his
team members, in other words, the administrator and the clients. The output
of VPN is the system which allows the project leader to manage his clients in
terms of creating new clients and assigning new projects to them, maintaining a
record of the project validity and providing folder level access to each client on
the user side depending on the projects allotted to him. After completion of a
project, a new project may be assigned to the client. User authentication procedures
are maintained at the initial stages itself. A new user may be created by the
administrator himself or a user can himself register as a new user but the task of
assigning projects and validating a new user rests with the administrator only.
The application starts running when it is executed for the first time. The server has
to be started and then Internet Explorer is used as the browser. The project will
run on the local area network so the server machine will serve as the administrator
while the other connected systems can act as the clients. The developed system is
highly user friendly and can be easily understood by anyone using it even for the
first time.


7.3.1 Internal Data Structure


A queue is an abstract data structure similar to a stack. A queue is open at both its
ends. One end is always used to insert data (enqueue) and the other is used to remove
data (dequeue). Queue follows First-In-First-Out methodology, i.e., the data item stored
first will be accessed first.

7.3.2 Global data Structure


A global variable is a variable with global scope, meaning that it is visible (hence
accessible) throughout the program, unless shadowed. The set of all global variables is
known as the global environment or global state. In compiled languages, global variables
are generally static variables, whose extent (lifetime) is the entire runtime of the program,
though in interpreted languages (including command-line interpreters), global variables
are generally dynamically allocated when declared, since they are not known ahead of
time.

7.3.3 Temporary data Structure


A temporary data buffer is a region of physical memory storage used to temporarily store
data while it is being moved from one place to another. Typically, the data is stored in a
buffer as it is retrieved from an input device or just before it is sent to an output device.
However, a buffer may be used when moving data between processes within a computer.
This is comparable to buffers in telecommunication. Buffers can be implemented in a
fixed memory location in hardware or by using a virtual data buffer in software, pointing
at a location in the physical memory.



CHAPTER 8

PROJECT IMPLEMENTATION

8.1 Introduction
To implement a system successfully, a large number of inter-related tasks need to be
carried out in an appropriate sequence. Utilising a well-proven implementation methodology
and enlisting professional advice can help, but often it is the number of tasks,
poor planning and inadequate resourcing that cause problems with an implementation
project, rather than any of the tasks being particularly difficult. Similarly, with the cultural
issues it is often the lack of adequate consultation and two-way communication that
inhibits achievement of the desired results.

8.2 Tools and Technology

8.2.1 Java:
Java is a general-purpose computer programming language that is concurrent, class-based,
object-oriented, and specifically designed to have as few implementation dependencies
as possible. It is intended to let application developers write once, run anywhere
(WORA), meaning that compiled Java code can run on all platforms that support Java
without the need for recompilation. Java applications are typically compiled to bytecode
that can run on any Java virtual machine (JVM) regardless of computer architecture. As
of 2016, Java is one of the most popular programming languages in use, particularly for
client-server web applications, with a reported 9 million developers. Java was originally
developed by James Gosling at Sun Microsystems (which has since been acquired by
Oracle Corporation) and released in 1995 as a core component of Sun Microsystems' Java
platform. The language derives much of its syntax from C and C++, but it has fewer
low-level facilities than either of them. The original and reference implementation Java
compilers, virtual machines, and class libraries were originally released by Sun under
proprietary licences. As of May 2007, in compliance with the specifications of the Java
Community Process, Sun relicensed most of its Java technologies under the GNU General
Public License. Others have also developed alternative implementations of these Sun
technologies, such as the GNU Compiler for Java (bytecode compiler), GNU Classpath
(standard libraries), and IcedTea-Web (browser plugin for applets).


The latest version is Java 8 Update 121, which is the only version currently supported
for free by Oracle, although earlier versions are supported both by Oracle and other
companies on a commercial basis.
James Gosling, Mike Sheridan, and Patrick Naughton initiated the Java language
project in June 1991. Java was originally designed for interactive television, but it was
too advanced for the digital cable television industry at the time. The language was initially
called Oak after an oak tree that stood outside Gosling's office. Later the project went
by the name Green and was finally renamed Java, from Java coffee. Gosling designed Java
with a C/C++-style syntax that system and application programmers would find familiar.

• Principles: There were five primary goals in the creation of the Java language:
1. It must be simple, object-oriented, and familiar.
2. It must be robust and secure.
3. It must be architecture-neutral and portable.
4. It must execute with high performance.
5. It must be interpreted, threaded, and dynamic.

• Class libraries: The Java Class Library is the standard library, developed to
support application development in Java. It is controlled by Sun Microsystems in
cooperation with others through the Java Community Process program. Companies
or individuals participating in this process can influence the design and development
of the APIs. This process has been a subject of controversy. The class library
contains features such as:
1. IO/NIO
2. Networking
3. Reflection
4. Concurrency
5. Generics
6. Scripting/Compiler
7. Functional Programming (Lambda, Streaming)
8. Collection libraries that implement data structures such as lists, dictionaries,
trees, sets, queues and double-ended queues, or stacks
9. XML Processing (Parsing, Transforming, Validating) libraries
10. Internationalization and localization libraries
11. The (lightweight) Swing libraries, which are built on AWT but provide (non-native)
implementations of the AWT widgetry
12. APIs for audio capture, processing, and playback
13. A platform-dependent implementation of the Java virtual machine that is the
means by which the bytecodes of the Java libraries and third-party applications are
executed
14. Licensing and documentation
15. Java Web Start, which allows Java applications to be efficiently distributed to
end users across the Internet
16. Licensing and documentation

Features of Java:

Figure 8.1 Features of Java


Java has many features, which are also known as the Java buzzwords. The Java
features given below are simple and easy to understand.
1. Simple
2. Object-Oriented
3. Portable
4. Platform independent
5. Secured
6. Robust
7. Architecture neutral
8. Dynamic
9. Interpreted
10. High Performance
11. Multi-threaded
12. Distributed

• Simple: The syntax is based on C++ (so it is easier for programmers to learn after
C++). Java removed many confusing and/or rarely used features, e.g. explicit pointers
and operator overloading. There is no need to remove unreferenced objects because there is
Automatic Garbage Collection in Java.

• Object-oriented: Object-oriented means we organize our software as a combination
of different types of objects that incorporate both data and behaviour. Object-oriented
programming (OOP) is a methodology that simplifies software development
and maintenance by providing some rules. Basic concepts of OOP are:
1. Object
2. Class
3. Inheritance
4. Polymorphism
5. Abstraction
6. Encapsulation

• Platform Independent: A platform is the hardware or software environment in
which a program runs. There are two types of platforms: software-based and
hardware-based. Java provides a software-based platform. The Java platform differs from
most other platforms in the sense that it is a software-based platform that runs on
top of other hardware-based platforms. It has two components:
1. Runtime Environment
2. API(Application Programming Interface)

• Java code can be run on multiple platforms e.g. Windows, Linux, Sun Solaris,
Mac/OS etc. Java code is compiled by the compiler and converted into bytecode.
This bytecode is a platform-independent code because it can be run on multiple
platforms i.e. Write Once and Run Anywhere(WORA).
• Secured: Java is secured because:
1. No explicit pointer
2. Java Programs run inside virtual machine sandbox
3. Classloader: adds security by separating the package for the classes of the local
file system from those that are imported from network sources.
4. Bytecode Verifier: checks the code fragments for illegal code that can violate
access rights to objects.
5. Security Manager: determines what resources a class can access such as reading
and writing to the local disk.

• Robust: Robust simply means strong. Java uses strong memory management.
The lack of pointers avoids security problems. There is automatic garbage
collection in Java. There are exception handling and type checking mechanisms in Java.
All these points make Java robust.

• Architecture-neutral: There are no implementation-dependent features, e.g. the size of
primitive types is fixed. In C programming, the int data type occupies 2 bytes of memory
for 32-bit architecture and 4 bytes of memory for 64-bit architecture. But in Java,
it occupies 4 bytes of memory for both 32-bit and 64-bit architectures.
• Multi-threaded: A thread is like a separate program, executing concurrently. We
can write Java programs that deal with many tasks at once by defining multiple
threads. The main advantage of multi-threading is that it doesn't occupy memory
for each thread. It shares a common memory area. Threads are important for
multi-media, Web applications etc.

8.2.2 NetBeans
NetBeans IDE is a modular, standards-based integrated development environment
(IDE), written in the Java programming language. The NetBeans project consists of
a full-featured open source IDE written in the Java programming language and a rich
client application platform, which can be used as a generic framework to build any kind
of application.
NetBeans IDE 8.2 provides out-of-the-box code analyzers and editors for working
with the latest Java 8 technologies: Java SE 8, Java SE Embedded 8, and Java ME
Embedded 8. The IDE also has a range of new tools for HTML5/JavaScript, in particular for
Node.js, KnockoutJS, and AngularJS; enhancements that further improve its support for
Maven and Java EE with PrimeFaces; and improvements to PHP and C/C++ support.

Features of NetBeans
• ECMAScript 6 and Experimental ECMAScript 7 Support
- New hexa, binary, and octal literals
- Source editor support
- Code completion for generators

• Node.js Enhancements
- Grunt and Gulp Task Runners
- Support for Node.js 4.0 and newer
- Return statement in global context

• Oracle JET Support Enhancements


- Oracle JET Base Distribution template
- Oracle JET Quickstart Basic sample application
- Oracle JET Component Interaction sample application


• NetBeans IDE Bundle for PHP


- syntax highlighting, code completion, occurrence highlighting, error highlighting,
CVS version control
- semantic analysis with highlighting of parameters and unused local variable
- PHP code debugging with xdebug
- PHP Unit testing with PHPUnit and Selenium
- Code coverage
- Symfony framework support (since version 6.8)
- Zend Framework support (since version 6.9)
- Yii Framework support (since version 7.3)
- PHP 5.3 namespace and closure support (since version 6.8)
- Code Folding for Control Structures (since version 7.2 dev )

• NetBeans IDE Complete Bundle


- NetBeans Base IDE
- Java SE, JavaFX
- Web and Java EE
- Java ME
- C/C++
- PHP (Version 5.5 and later)
- Apache Groovy
- GlassFish
- Apache Tomcat

8.2.3 Android OS:


Android is a mobile operating system developed by Google, based on the Linux kernel
and designed primarily for touchscreen mobile devices such as smartphones and tablets.
Android’s user interface is mainly based on direct manipulation, using touch gestures
that loosely correspond to real-world actions, such as swiping, tapping and pinching, to
manipulate on-screen objects, along with a virtual keyboard for text input. In addition to

LoGMIEER, Dept. of Computer Engineering 2016-2017 85


CHAPTER 8. PROJECT IMPLEMENTATION

touchscreen devices, Google has further developed Android TV for televisions, Android
Auto for cars, and Android Wear for wrist watches, each with a specialized user interface.
Variants of Android are also used on notebooks, game consoles, digital cameras, and other
electronics.
Initially developed by Android Inc., which Google bought in 2005, Android was
unveiled in 2007, along with the founding of the Open Handset Alliance, a consortium
of hardware, software, and telecommunication companies devoted to advancing open
standards for mobile devices. Beginning with the first commercial Android device in
September 2008, the operating system has gone through multiple major releases, with
the current version being 7.0 "Nougat", released in August 2016. Android applications
("apps") can be downloaded from the Google Play store, which features over 2.7 million
apps as of February 2017. In September 2015, Android had 1.4 billion monthly active
users, and it has the largest installed base of any operating system. Android's underlying
kernel is based on Linux, but it has been customized to suit Google's directions. There
is no support for the GNU libraries and it does not have a native X Windows system.
Inside the Linux kernel are found drivers for the display, camera, flash memory, keypad,
WiFi and audio. The Linux kernel serves as an abstraction between the hardware and the
rest of the software on the phone. It also takes care of core system services like security,
memory management, process management and the network stack.

Features of Android:
• Multitasking: Multitasking of applications, with unique handling of memory al-
location, is available.

• Video calling: Android does not support native video calling, but some hand-
sets have a customized version of the operating system that supports it, either via
the UMTS network (like the Samsung Galaxy S) or over IP. Video calling through
Google Talk is available in Android 2.3.4 (Gingerbread) and later. Gingerbread
allows Nexus S to place Internet calls with a SIP account. This allows for enhanced
VoIP dialing to other SIP accounts and even phone numbers. Skype 2.1 offers video
calling in Android 2.3, including front camera support. Users with the Google+
Android app can video chat with other Google+ users through Hangouts.


• Multiple language support: Android supports multiple languages.

• Accessibility: Built-in text-to-speech is provided by TalkBack for people with
low or no vision. Enhancements for people with hearing difficulties are available, as
are other aids.

• Bluetooth: Supports voice dialing and sending contacts between phones, playing
music, sending files (OPP), accessing the phone book (PBAP), A2DP and AVRCP.
Keyboard, mouse and joystick (HID) support is available in Android 3.1+, and in
earlier versions through manufacturer customizations and third-party applications.

• Media support: Android supports the following audio/video/still media formats:


WebM, H.263, H.264, AAC, HE-AAC (in 3GP or MP4 container), MPEG-4 SP,
AMR, AMR-WB (in 3GP container), MP3, MIDI, Ogg Vorbis, FLAC, WAV, JPEG,
PNG, GIF, BMP, and WebP.

• Java support: While most Android applications are written in Java, there is no
Java Virtual Machine in the platform and Java byte code is not executed. Java
classes are compiled into Dalvik executables and run using Android Runtime
or, in older versions, in Dalvik, a specialized virtual machine designed specifically for
Android and optimized for battery-powered mobile devices with limited memory
and CPU. J2ME support can be provided via third-party applications.


Figure 8.2 Android Version

Table 8.1 Android Version


8.2.4 Android Environment


Android apps are written in the Java programming language. The Android SDK
tools compile your code, along with any data and resource files, into an APK: an Android
package, which is an archive file with an .apk suffix. One APK file contains all the
contents of an Android app and is the file that Android-powered devices use to install the
app. Once installed on a device, each Android app lives in its own security sandbox: The
Android operating system is a multi-user Linux system in which each app is a different
user.
By default, the system assigns each app a unique Linux user ID (the ID is used only
by the system and is unknown to the app). The system sets permissions for all the files
in an app so that only the user ID assigned to that app can access them. Each process
has its own virtual machine (VM), so an app’s code runs in isolation from other apps.
By default, every app runs in its own Linux process. Android starts the process when
any of the app’s components need to be executed, then shuts down the process when it’s
no longer needed or when the system must recover memory for other apps.
In this way, the Android system implements the principle of least privilege. That is,
each app, by default, has access only to the components that it requires to do its work
and no more. This creates a very secure environment in which an app cannot access parts
of the system for which it is not given permission.
However, there are ways for an app to share data with other apps and for an app to
access system services: It’s possible to arrange for two apps to share the same Linux user
ID, in which case they are able to access each other’s files. To conserve system resources,
apps with the same user ID can also arrange to run in the same Linux process and share
the same VM (the apps must also be signed with the same certificate).
An app can request permission to access device data such as the user’s contacts,
SMS messages, the mountable storage (SD card), camera, Bluetooth, and more. All app
permissions must be granted by the user at install time. That covers the basics regarding
how an Android app exists within the system. The rest of this document introduces you
to:
• The core framework components that define your app.
• The manifest file in which you declare components and required device features for
your app.
• Resources that are separate from the app code and allow your app to gracefully
optimize its behavior for a variety of device configurations.

App Components
App components are the essential building blocks of an Android app.
Each component is a different point through which the system can enter your app. Not
all components are actual entry points for the user and some depend on each other, but
each one exists as its own entity and plays a specific role: each one is a unique building
block that helps define your app's overall behavior.
There are four different types of app components. Each type serves a distinct purpose
and has a distinct lifecycle that defines how the component is created and destroyed.
Here are the four types of app components:

• Activities: An activity represents a single screen with a user interface. For exam-
ple, an email app might have one activity that shows a list of new emails, another
activity to compose an email, and another activity for reading emails. Although
the activities work together to form a cohesive user experience in the email app,
each one is independent of the others. As such, a different app can start any one
of these activities (if the email app allows it). For example, a camera app can start
the activity in the email app that composes new mail, in order for the user to share
a picture. An activity is implemented as a subclass of Activity and you can learn
more about it in the Activities developer guide.

• Services: A service is a component that runs in the background to perform
long-running operations or to perform work for remote processes. A service does not
provide a user interface. For example, a service might play music in the background
while the user is in a different app, or it might fetch data over the network
without blocking user interaction with an activity. Another component, such as an
activity, can start the service and let it run or bind to it in order to interact with
it. A service is implemented as a subclass of Service and you can learn more about
it in the Services developer guide.

• Content providers: A content provider manages a shared set of app data. You
can store the data in the file system, an SQLite database, on the web, or any other
persistent storage location your app can access. Through the content provider,
other apps can query or even modify the data (if the content provider allows it).
For example, the Android system provides a content provider that manages the
user's contact information. As such, any app with the proper permissions can
query part of the content provider (such as ContactsContract.Data) to read and
write information about a particular person.
Content providers are also useful for reading and writing data that is private to
your app and not shared. For example, the Note Pad sample app uses a content
provider to save notes. A content provider is implemented as a subclass of
ContentProvider and must implement a standard set of APIs that enable other apps to
perform transactions. For more information, see the Content Providers developer
guide.

• Broadcast receivers: A broadcast receiver is a component that responds to
system-wide broadcast announcements. Many broadcasts originate from the system,
for example, a broadcast announcing that the screen has turned off, the battery
is low, or a picture was captured. Apps can also initiate broadcasts, for example, to
let other apps know that some data has been downloaded to the device and is available
for them to use. Although broadcast receivers don't display a user interface,
they may create a status bar notification to alert the user when a broadcast event
occurs. More commonly, though, a broadcast receiver is just a "gateway" to other
components and is intended to do a very minimal amount of work. For instance, it
might initiate a service to perform some work based on the event.

A broadcast receiver is implemented as a subclass of BroadcastReceiver and each
broadcast is delivered as an Intent object. For more information, see the
BroadcastReceiver class.

A unique aspect of the Android system design is that any app can start another
app's component. For example, if you want the user to capture a photo with the
device camera, there’s probably another app that does that and your app can use
it, instead of developing an activity to capture a photo yourself. You don’t need to
incorporate or even link to the code from the camera app. Instead, you can simply
start the activity in the camera app that captures a photo. When complete, the
photo is even returned to your app so you can use it. To the user, it seems as if the
camera is actually a part of your app.

When the system starts a component, it starts the process for that app (if it’s
not already running) and instantiates the classes needed for the component. For
example, if your app starts the activity in the camera app that captures a photo,
that activity runs in the process that belongs to the camera app, not in your app’s
process. Therefore, unlike apps on most other systems, Android apps don’t have a
single entry point (there’s no main() function, for example).

Because the system runs each app in a separate process with file permissions that
restrict access to other apps, your app cannot directly activate a component from
another app. The Android system, however, can. So, to activate a component in
another app, you must deliver a message to the system that specifies your intent to
start a particular component. The system then activates the component for you.


8.3 Methodologies/Algorithm

8.3.1 Algorithm Steps:


Step 1: Start

Step 2: Conduct static and dynamic analyses to extract features from each app.

Step 3: In the static phase, uncompress the .apk file with the 7-Zip tool and then
focus on parsing AndroidManifest.xml and classes.dex.

Step 4: Parse the AndroidManifest.xml file with the tool AXMLPrinter2 and
the parser TinyXml.

Step 5: TinyXml helps to obtain the permissions required by the app.

Step 6: With the disassembler baksmali, we can find out which API functions are
called (chmod) by parsing classes.dex.

Step 7: chmod is a sensitive API that might be used for changing users' permissions on
files.

Step 8: In the dynamic phase, DroidBox is an Android application monitor that tracks a variety
of app actions such as information leaks, network and file input/output, cryptography
operations, Short Message Services (SMS), and mobile phone calls.
a. Action sendnet is the action that sends data over the network.
b. Action phonecalls is the action that makes a phone call.
c. Action sendsms is the action that sends SMS messages.

Step 9: In the feature set, each feature is denoted in binary, indicating that
if (feature occurs in an app)
feature value is 1;
else
feature value is 0.

Step 10: Stop.
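
The feature-extraction steps above can be sketched as follows. This is an added example, not code from the project: it assumes the manifest has already been decoded to plain XML and classes.dex disassembled to smali text, and the feature vocabulary, the report layout and all sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Feature vocabulary; its order fixes the layout of the vector. chmod and the
# three dynamic actions come from the steps above, the other entries are
# assumptions made for this example.
PERMISSIONS = ["android.permission.INTERNET", "android.permission.SEND_SMS",
               "android.permission.READ_CONTACTS", "android.permission.CALL_PHONE"]
SENSITIVE_APIS = ["chmod", "sendTextMessage", "getDeviceId"]
DYNAMIC_ACTIONS = ["sendnet", "phonecalls", "sendsms"]

# A smali call site looks like:
#   invoke-static {v0, v1}, Landroid/system/Os;->chmod(Ljava/lang/String;I)V
INVOKE_RE = re.compile(
    r"^\s*invoke-[\w/-]+\s+\{[^}]*\},\s*(L[^;]+;)->([\w$<>]+)\(", re.M)


def manifest_permissions(manifest_xml):
    """Permission names requested by a decoded (plain-text) manifest."""
    # The manifest comes from an untrusted APK; a hardened XML parser is the
    # safer choice outside of a demo.
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}


def invoked_methods(smali_text):
    """Exact method names that appear at invoke-* call sites."""
    return {m.group(2) for m in INVOKE_RE.finditer(smali_text)}


def observed_actions(report):
    """Actions for which the dynamic run recorded at least one event."""
    return {name for name, events in report.items() if events}


def feature_vector(manifest_xml, smali_text, report):
    """1 if the feature occurs in the app, else 0, in vocabulary order."""
    perms = manifest_permissions(manifest_xml)
    apis = invoked_methods(smali_text)
    acts = observed_actions(report)
    return ([int(p in perms) for p in PERMISSIONS]
            + [int(a in apis) for a in SENSITIVE_APIS]
            + [int(d in acts) for d in DYNAMIC_ACTIONS])


# ---- Constructed sample inputs (not taken from a real app) ----
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application android:label="Sample"/>
</manifest>"""

SAMPLE_SMALI = """.method public run()V
    const-string v0, "/data/data/com.example.sample/files/cache.bin"
    const/16 v1, 0x1ff
    invoke-static {v0, v1}, Landroid/system/Os;->chmod(Ljava/lang/String;I)V
    invoke-virtual {p0}, Lcom/example/sample/Main;->getDeviceIdLabel()Ljava/lang/String;
    return-void
.end method
"""

# Report layout (action name -> events keyed by timestamp) is an assumption.
SAMPLE_REPORT = {
    "sendnet": {"1.02": {"desthost": "203.0.113.5", "destport": 80}},
    "phonecalls": {},
    "sendsms": {"3.40": {"number": "5550100"}},
}

if __name__ == "__main__":
    print(feature_vector(SAMPLE_MANIFEST, SAMPLE_SMALI, SAMPLE_REPORT))
```

A duplicated permission counts once, a permission outside the vocabulary is ignored, and method names are matched exactly, so a look-alike such as getDeviceIdLabel does not set the getDeviceId bit.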


8.3.2 Mathematical Model


M =( i, o, Si, So, F, Sf, Ct, Cs, Pn )
Where;
i = Inputs;
o = Output;
I/p= Malware, Required permission, Dynamic behaviour, Sensitive API, Readable file,
Android APK
O/P= Boolean(Yes/No), APK file folder.
Si= Download Android Apps.
So=Detect malware.
F=( F1, F2, F3, F4, F5 )
Unlabeled Android app samples.

F1 = RBM Initialization. We can increase the modeling capacity of the Boltzmann
Machine (BM). A graphical depiction of an RBM is shown below.

Figure 8.3 Restricted Boltzmann Machines(RBM)

The energy function E(v, h) of an RBM is defined as

where W represents the weights connecting hidden and visible units and b,c are the
offsets of the visible and hidden layers respectively.

F2= CD-K Sampling.


Contrastive Divergence (CD-k)


Contrastive Divergence uses two tricks to speed up the sampling process:
• Since we finally want p(v) = Ptrain(v) (the true, underlying distribution of the data),
we initialize the Markov chain with a training example (i.e., from a distribution that
is expected to be close to p, so that the chain will already be close to having converged
to its final distribution p).
• CD does not wait for the chain to converge. Samples are obtained after only k steps
of Gibbs sampling. In practice, k=1 has been shown to work surprisingly well.
F3= Updating Parameters.
For each parameter update, we extract new samples by simply running the chain for
k-steps. The state of the chain is then preserved for subsequent updates.
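
A minimal CD-k training loop for a binary RBM over app feature vectors, as an added example (not the project's code). It restarts the Gibbs chain at each training example, as the first trick above describes; W, b and c follow the notation used for the energy function, and the 10-bit data set, layer sizes and learning rate are constructed assumptions.

```python
import math
import random


def sigmoid(x):
    x = max(-30.0, min(30.0, x))          # clamp to avoid overflow in exp()
    return 1.0 / (1.0 + math.exp(-x))


class RBM:
    def __init__(self, n_visible, n_hidden, seed=0):
        self.rng = random.Random(seed)
        self.nv, self.nh = n_visible, n_hidden
        # W[j][i] connects hidden unit j to visible unit i;
        # b and c are the offsets of the visible and hidden layers.
        self.W = [[self.rng.gauss(0.0, 0.01) for _ in range(n_visible)]
                  for _ in range(n_hidden)]
        self.b = [0.0] * n_visible
        self.c = [0.0] * n_hidden

    def hidden_probs(self, v):
        return [sigmoid(self.c[j] + sum(w * x for w, x in zip(self.W[j], v)))
                for j in range(self.nh)]

    def visible_probs(self, h):
        return [sigmoid(self.b[i] + sum(self.W[j][i] * h[j] for j in range(self.nh)))
                for i in range(self.nv)]

    def sample(self, probs):
        return [1 if self.rng.random() < p else 0 for p in probs]

    def cd_k(self, v0, k=1, lr=0.1):
        """One parameter update from training example v0 using CD-k."""
        if k < 1:
            raise ValueError("k must be at least 1")
        ph0 = self.hidden_probs(v0)            # positive phase, chain starts at v0
        h = self.sample(ph0)
        for _ in range(k):                     # k steps of Gibbs sampling
            vk = self.sample(self.visible_probs(h))
            phk = self.hidden_probs(vk)
            h = self.sample(phk)
        for j in range(self.nh):
            for i in range(self.nv):
                self.W[j][i] += lr * (ph0[j] * v0[i] - phk[j] * vk[i])
            self.c[j] += lr * (ph0[j] - phk[j])
        for i in range(self.nv):
            self.b[i] += lr * (v0[i] - vk[i])

    def reconstruct(self, v):
        """Deterministic (mean-field) reconstruction of a visible vector."""
        return self.visible_probs(self.hidden_probs(v))


def reconstruction_error(rbm, data):
    """Mean squared error per bit between data and its reconstruction."""
    total = 0.0
    for v in data:
        r = rbm.reconstruct(v)
        total += sum((a - p) ** 2 for a, p in zip(v, r)) / len(v)
    return total / len(data)


def train(rbm, data, epochs=300, k=1, lr=0.1):
    for _ in range(epochs):
        for v in data:
            rbm.cd_k(v, k=k, lr=lr)
    return rbm


# Constructed, unlabeled binary feature vectors (one row per app).
DATA = [
    [1, 1, 0, 0, 1, 0, 0, 1, 0, 1],
    [1, 1, 0, 0, 1, 0, 0, 1, 0, 1],
    [1, 1, 0, 0, 0, 0, 0, 1, 0, 1],
    [1, 0, 0, 0, 0, 0, 0, 1, 0, 0],
    [1, 0, 1, 0, 0, 0, 0, 1, 0, 0],
    [1, 0, 0, 0, 0, 0, 0, 1, 0, 0],
]

if __name__ == "__main__":
    model = RBM(len(DATA[0]), 4, seed=0)
    print("error before:", round(reconstruction_error(model, DATA), 3))
    train(model, DATA)
    print("error after: ", round(reconstruction_error(model, DATA), 3))
```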

F4= RBM Assessment.


The RBM Communications Assessment is the initial stage in the process to develop effective
and inclusive national malaria communication strategies in RBM.
Labeled Android app samples.

F5= Back propagation for fine-tuning.


1. Training a DBN is nothing but training RBMs one on top of another. When
we are done with all layers of the DBN training, we use back-propagation to fine-tune
the model. We can think of it as if we forget about the DBN model and we just
keep the same network but treat it as an MLP (with the same units and the
same connections among them), and we use the weights we got in the training of
the DBN for the MLP. Now, we use back-propagation to fine-tune our model.
2. When we follow the steps described above and fine-tune an MLP using back-propagation,
we can use a validation set for hyper-parameter selection. So, it's the same as
training an MLP.
3. In fact, unsupervised pre-training is especially useful when we have very little labeled
data. It puts parameters in the right regime and we can use very few labeled examples
to fine-tune it. However, it is possible to overfit and we can use regularization
methods to avoid it. Another interesting point is that unsupervised pre-training is a
regularizer itself. It forces the weights of the model to be close to the weights that
represent the data.


Sf= Greedy Scheme(),Training(),Generate(),Error(),Iterative operation().

Ct= bigO(n)
Cs= bigO(m)
Pn= 1

8.4 Verification and Validation for Acceptance:

Table 8.2 Test Case For UI: User Registration:


Table 8.3 Test Case For UI: User Login:

Table 8.4 Test Case For UI : upload advertisement:


Table 8.5 Test Case For Malware:



CHAPTER 9

SOFTWARE TESTING

9.1 System Testing


The purpose of testing is to discover errors. Testing is the process of trying to discover
every conceivable fault or weakness in a work product. It provides a way to check the
functionality of components, sub-assemblies, assemblies and/or a finished product. It is
the process of exercising software with the intent of ensuring that the Software system
meets its requirements and user expectations and does not fail in an unacceptable manner.
There are various types of test. Each test type addresses a specific testing requirement.

9.1.1 Types Of Tests


• Unit testing
Unit testing involves the design of test cases that validate that the internal program
logic is functioning properly, and that program inputs produce valid outputs. All
decision branches and internal code flow should be validated. It is the testing of
individual software units of the application. It is done after the completion of an
individual unit before integration. This is structural testing that relies on knowledge
of its construction and is invasive. Unit tests perform basic tests at component
level and test a specific business process, application, and/or system configuration.
Unit tests ensure that each unique path of a business process performs accurately
to the documented specifications and contains clearly defined inputs and expected
results.

• Integration testing
Integration tests are designed to test integrated software components to determine
if they actually run as one program. Testing is event driven and is more concerned
with the basic outcome of screens or fields. Integration tests demonstrate that although
the components were individually satisfactory, as shown by successful unit
testing, the combination of components is correct and consistent. Integration testing
is specifically aimed at exposing the problems that arise from the combination
of components.

• Functional test
Functional tests provide systematic demonstrations that functions tested are available
as specified by the business and technical requirements, system documentation,
and user manuals.
Functional testing is centered on the following items:
Valid Input : identified classes of valid input must be accepted.
Invalid Input : identified classes of invalid input must be rejected.
Functions : identified functions must be exercised.
Output : identified classes of application outputs must be exercised.
Systems/Procedures: interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key
functions, or special test cases. In addition, systematic coverage pertaining to
identifying business process flows, data fields, predefined processes, and successive
processes must be considered for testing. Before functional testing is complete,
additional tests are identified and the effective value of current tests is determined.

• System Test
System testing ensures that the entire integrated software system meets require-
ments. It tests a configuration to ensure known and predictable results. An exam-
ple of system testing is the configuration oriented system integration test. System
testing is based on process descriptions and flows, emphasizing pre-driven process
links and integration points.

• White Box Testing


White Box Testing is testing in which the software tester has knowledge of the
inner workings, structure and language of the software, or at least its purpose.
It is used to test areas that cannot be reached from a black box level.

• Black Box Testing


Black Box Testing is testing the software without any knowledge of the inner work-
ings, structure or language of the module being tested. Black box tests, as most
other kinds of tests, must be written from a definitive source document, such as


specification or requirements document, such as specification or requirements doc-


ument. It is a testing in which the software under test is treated, as a black box
.you cannot see into it. The test provides inputs and responds to outputs without
considering how the software works.

9.2 Testing Methodologies:


• Unit Testing.
• Integration Testing.
• User Acceptance Testing.
• Output Testing.
• Validation Testing.

9.2.1 Unit Testing


Unit testing focuses verification effort on the smallest unit of software design, that is,
the module. Unit testing exercises specific paths in a module's control structure to ensure
complete coverage and maximum error detection. This test focuses on each module
individually, ensuring that it functions properly as a unit, hence the name unit
testing.
During this testing, each module is tested individually and the module interfaces are
verified for consistency with the design specification. All important processing paths are
tested for the expected results. All error handling paths are also tested.

9.2.2 Integration Testing


Integration testing addresses the issues associated with the dual problems of verification
and program construction. After the software has been integrated, a set of high
order tests is conducted. The main objective in this testing process is to take unit tested
modules and build a program structure that has been dictated by design.

The following are the types of Integration Testing:

1. Top Down Integration


This method is an incremental approach to the construction of program structure.
Modules are integrated by moving downward through the control hierarchy, beginning
with the main program module. The modules subordinate to the main program module
are incorporated into the structure in either a depth first or breadth first manner.
In this method, the software is tested from the main module, and individual stubs are
replaced as the test proceeds downwards.

2. Bottom-up Integration
This method begins the construction and testing with the modules at the lowest
level in the program structure. Since the modules are integrated from the bottom up,
processing required for modules subordinate to a given level is always available and the
need for stubs is eliminated. The bottom up integration strategy may be implemented
with the following steps:

• The low-level modules are combined into clusters that perform a specific
software sub-function.
• A driver (i.e., the control program for testing) is written to coordinate test case
input and output.
• The cluster is tested.
• Drivers are removed and clusters are combined moving upward in the program
structure.
The bottom-up approach tests each module individually, and then each module is
integrated with a main module and tested for functionality.

9.2.3 User Acceptance Testing


User Acceptance of a system is the key factor for the success of any system. The
system under consideration is tested for user acceptance by constantly keeping in touch
with the prospective system users at the time of developing and making changes wher-
ever required. The system developed provides a friendly user interface that can easily be
understood even by a person who is new to the system.


9.2.4 Output Testing


After performing the validation testing, the next step is output testing of the proposed
system, since no system could be useful if it does not produce the required output
in the specified format. The outputs generated or displayed by the system under
consideration are tested by asking the users about the format they require. Hence the
output format is considered in two ways: one is on screen and the other is in printed format.

9.2.5 Validation Checking


Validation checks are performed on the following fields.

• Text Field:
The text field can contain only a number of characters less than or equal to
its size. The text fields are alphanumeric in some tables and alphabetic in other
tables. An incorrect entry always flashes an error message.

• Numeric Field:
The numeric field can contain only numbers from 0 to 9. An entry of any other character
flashes an error message. The individual modules are checked for accuracy and
for what they have to perform. Each module is subjected to a test run along with sample
data. The individually tested modules are integrated into a single system. Testing
involves executing the program with real data; the existence of any program defect
is inferred from the output. The testing should be planned so
that all the requirements are individually tested. A successful test is one that brings
out the defects for the inappropriate data and produces an output revealing the
errors in the system.

• Preparation of Test Data:


The above testing is done using various kinds of test data. Preparation of test data
plays a vital role in system testing. After preparing the test data, the system
under study is tested using that test data. While testing the system by using test
data, errors are again uncovered and corrected by using the above testing steps, and


corrections are also noted for future use.

• Using Live Test Data:


Live test data are those that are actually extracted from organization files. After a
system is partially constructed, programmers or analysts often ask users to key in
a set of data from their normal activities. Then, the systems person uses this data
as a way to partially test the system. In other instances, programmers or analysts
extract a set of live data from the files and have them entered themselves.
It is difficult to obtain live data in sufficient amounts to conduct extensive testing.
And, although it is realistic data that will show how the system will perform for
the typical processing requirement, assuming that the live data entered are in fact
typical, such data generally will not test all combinations or formats that can enter
the system. This bias toward typical values then does not provide a true systems
test and in fact ignores the cases most likely to cause system failure.

• Using Artificial Test Data:


Artificial test data are created solely for test purposes, since they can be gener-
ated to test all combinations of formats and values. In other words, the artificial
data, which can quickly be prepared by a data generating utility program in the
information systems department, make possible the testing of all logic and control
paths through the program. The most effective test programs use artificial test data
generated by persons other than those who wrote the programs. Often, an inde-
pendent team of testers formulates a testing plan, using the systems specifications.
The package Virtual Private Network has satisfied all the requirements specified as
per software requirement specification and was accepted.

9.3 Verification and Validation for Acceptance:


Table 9.1 Test Case For UI: User Registration:


Table 9.2 Test Case For UI: User Login:

Table 9.3 Test Case For UI : upload advertisement:


Table 9.4 Test Case For Malware:



CHAPTER 10

RESULT

The result of the application was tested with testdroid.appcrawler.testcrawler. The
TestBook.apk file was uploaded to appcrawler, the LG Google Nexus 5 6.0 -EU device was
used, and the duration of the result was 181.61 s.


10.1 Analysis Diagram

Figure 10.1 Testing


Figure 10.2 Test Duration


10.2 Flow Of Application

Figure 10.3 Admin Login

Admin will authorize Users and view the documents uploaded. Admin will scan for
droid (malware) documents and send the alert to corresponding users and show the ratio
of droid affected files and the total files. Admin can view all the transactions and the
attackers for corresponding files. And also admin can block the user who spreads the
droid documents. Admin views the number of droid affected documents and droid free
documents in chart.


Figure 10.4 User Registration

User has to register and get authorized by the admin to login, and then the user will
upload the documents with the digital sign, and share the uploaded file to other users.
The user will search for documents by giving the keyword based on the contents, and
downloads the related documents. The user will also verify the uploaded documents from
the data integrity attacker and recover if it is not safe (attacked).


Figure 10.5 Authorize User

Figure 10.6 Data Integrity


Figure 10.7 searching



CHAPTER 11

DEPLOYMENT AND MAINTENANCE



11.1 Installation and Un-Installation:

11.1.1 Java:
Java JDK for Windows
1. Go to the Java SE download site @
http://www.oracle.com/technetwork/java/javase/downloads/index.html.
2. Look for the latest Java SE Development Kit 8uxx.
3. Check Accept License Agreement.
4. Choose the JDK for your operating system, e.g., Windows x64 (for 64-bit Windows
OS) or Windows x86 (for 32-bit Windows OS). As soon as you click to download the file, a
pop-up window will appear asking whether to save or run the file.
5. Select Save File or Save to save the file to a location on your local hard drive. You can
save it to your Desktop or some other file folder. Remember this location so you can find it
later!
6. Once the file is saved, use your Windows Explorer to find and run the program by
double-clicking on it. Depending on your version of Windows and security settings you
may get a security popup as shown below. Click on Run to continue.
7. This next screen lists all of the possible JDK options that can be installed. Since we
will be covering the basics of Java in this course, you can just accept the defaults and
simply click on the Next button to continue. There is no need to make any changes on
this screen.
8. The next screen will display a simple progress bar while the JDK files are being
installed. This process could take anywhere from seconds to minutes, depending on the
speed of your computer.
9. When the JDK is finished installing, the installation program will install the JRE files.
The screen above will allow you to choose the directory where the JRE will be located.
We recommend that you allow the files to install in the default directory, as shown below.
10. Once you choose the Next button, the installation will display another progress bar.
This will show the progress of the installation of the JRE files.
11. The next screen will simply show the progress of your JRE installation. In this first
step, the installation program will automatically download additional files from the Oracle


website. This is a large program and will take some time!


12. At this point, the installation of the JDK files is complete. When you click on the
Finish button on this screen, a browser window will appear, displaying registration
information for Java.
13. Registration for the JDK software is optional and is not necessary for the completion
of this course. If you choose not to register, simply close this window.
14. You have finished the installation of the JDK and JRE on your Windows computer.

11.1.2 Installing Android Studio:


Google provides Android Studio for the Windows, Mac OS X, and Linux platforms.
You can download this software from the Android Studio homepage. (You'll also find the
traditional SDKs, with Android Studio's command-line tools, available from the
Downloads page.)
1. Go to https://developer.android.com/studio/index.html
2. Click on the green DOWNLOAD ANDROID STUDIO FOR WINDOWS button.
3. Now check "I have read and agree with the above terms and conditions". Then click on
the sky blue DOWNLOAD ANDROID STUDIO FOR WINDOWS button.
4. Now your download will begin. Your downloaded file will be approximately 1.09 GB
in size because it contains both Android Studio and the Android SDK, with the latest
version of Android, Marshmallow 6.0.
5. Double click on the file or Run as administrator. Wait 1-2 minutes while the installer
is verified and loaded.
6. Press Yes on the User Account Control pop-up box.
7. Now you will be able to see the Android Studio setup welcome wizard.
8. Check Android Studio, Android SDK and Android Virtual Device, then click on the Next
button.
9. Click on the I Agree button.
10. Now set the configuration settings (set the Android Studio and Android SDK folder
paths here; you can set a custom folder and path).
11. Click on the Install button.
12. After all these steps, Android Studio with the Android SDK Manager will begin to install.


Android Studio is now successfully installed on your Windows PC.

11.1.3 Installing Xampp Server


XAMPP is the most popular PHP development environment.
XAMPP is a completely free, easy to install Apache distribution containing MariaDB,
PHP, and Perl. The XAMPP open source package has been set up to be incredibly easy
to install and to use.
1. To install XAMPP in Windows 7, first you need to download the XAMPP installer
for Windows. To download the XAMPP installer for Windows, visit the URL
https://www.apachefriends.org/download.html. This page shows the latest version of XAMPP
for Windows. It also shows the versions of Apache, PHP, MySQL, and other software
included in this version of XAMPP.
2. Now, go to the "Download" section in the page. Here, you will see XAMPP for Windows,
Linux, and Mac OS X. We can easily download the XAMPP installer for Windows.
3. Click on the Download link to download XAMPP.
4. After downloading the installer, double click on the executable (.exe) file to start the
XAMPP installation process. Click Yes if the User Account Control dialog box appears.
5. This dialog box below shows that you should avoid installing XAMPP to C:Files.
Click OK.
6. This dialog box below shows that you should avoid installing XAMPP to C:Files.
Click OK. Verify that the Destination Folder is set to C:, then click Install.
7. Wait for the installation process to complete.
8. Click Finish to finish the installation process.
9. You can choose to start the Control Panel now. Clicking Yes will directly open the
XAMPP control panel. Please see the Note below to know how to start XAMPP Control
Panel.
10. The installation is complete.

11.1.4 Installing NetBeans


1. As usual, go to Netbeans.org to download the latest version of NetBeans. We down-
loaded the full version that is the full bundled ’package’.


2. Double click the Windows exe self-extracting file.


3. The NetBeans IDE installer will be launched.
4. Then the NetBeans IDE installer wizard welcome page is displayed. A list of default
packs and runtimes is shown on this welcome page. Click the Customize button.
5. In our case, we select all packs and runtimes. Click OK.
6. Accept the License Agreement and click Next.
7. Choose the installation path. Click Browse if you want to change it. The Java JDK
is properly set to the desired path for this machine. In our case we just accept the given
path. Click Next.
8. As usual, if the following Windows Security Alert is displayed, click Unblock.
9. Next is the GlassFish web server installation path selection. We just accept the default
path given. Set the GlassFish administrator (admin) password; the default is
adminadmin.
10. Next, set the Apache Tomcat installation path. We just accept the given path.
Change accordingly if you want to change by clicking the Browse button. Click Next.
11. Next is the NetBeans IDE installation summary. If you want to change the previously
selected settings, click Back otherwise click Install.
12. The installation begins. Wait and relax.
13. The installation completed successfully as shown in the following Figure. Click Finish.



CHAPTER 12

CONCLUSION AND FEATURE SCOPE



Deep learning is a new part of machine learning research. In this paper, we extracted
a total of 192 features from both static and dynamic analyses of Android apps and char-
acterized malware using a DBN-based deep learning model. We designed DroidDetector
and evaluated it with 20000 benign apps crawled from the Google Play Store and 1760
malwares collected from the well-known Contagio Community and Genome Project. The
results show that using DroidDetector with a deep learning model can achieve a supe-
rior accuracy under different conditions, significantly outperforming traditional machine
learning techniques. At present, DroidDetector has been deployed online for user testing.
Moreover, we delved deeper into the features that deep learning exploits to characterize
Android malware using association rule mining techniques. The evaluation of ten popular
anti-virus software indicates that it is a matter of urgency to make changes in Android
malware detection.
Much more work is necessary. First, more fine-grained features should be extracted
to characterize Android apps. A more comprehensive and fine-grained set of features can
cover more aspects of Android malware and thus lead to a better characterization and
detection of malware. In addition to the 192 total features in this paper, we may also
add the semantic based features introduced in and types of features presented in to the
feature set. In addition, richer discrete features rather than binary features can be used
in establishing the deep learning model. For example, if one sensitive API function is
called twice or one dynamic behavior occurs twice, we can set their corresponding feature
values as 2 (i.e., discrete values) instead of 1 (i.e., binary values). And second, more app
data (i.e., more types of malicious and benign samples) should be collected for training the
deep learning model. More types of training samples could lead to a better optimization
of the deep learning model, and thereby achieve a superior accuracy in real world Android
malware detection.



ANNEXURE A

REFERENCES

[1] Y. Zhou, Q. Zhang, S. Zou, and X. Jiang. Riskranker: scalable and accurate zero-day
android malware detection. In Proc. of the 10th MobiSys, 2012.

[2] A. Reina, A. Fattori, and L. Cavallaro. A system call-centric analysis and stimula-
tion technique to automatically reconstruct android malware behaviors. In Proc. of
European Workshop on System Security (EUROSEC),April 2013.

[3] R. Pandita, X. Xiao, W. Yang, W. Enck, and T. Xie, Whyper: Towards automating
risk assessment of mobile applications, in Proceedings of the 22nd USENIX Security
Symposium (USENIX Security), 2013, pp. 527-542.

[4] Z. Fang, W. Han, and Y. Li, Permission based Android security: Issues and
countermeasures, Computers & Security, vol. 43, pp. 205-218, 2014.

[5] Wen Liu. Mutiple classifier system based android malware detection. In Machine
Learning and Cybernetics (ICMLC), 2013 International Conference on, volume 01,
pages 57-62, July 2013. doi: 10.1109/ICMLC.2013.6890444.

[6] Mark A. Davenport, Richard G. Baraniuk, and Clayton D. Scott. Tuning support
vector machines for minimax and neyman-pearson classification. IEEE Transactions
on Pattern Analysis and Machine Intelligence, 32(10), 2010.

[7] Su, X., Chuah, M., Tan, G.”Smartphone dual defense protection framework: De-
tecting malicious applications in android markets” in: Mobile Ad-hoc and Sensor
Networks (MSN), 2012 Eighth International Conference on, pp. 153-160 (2012).

[8] L. Xie, X. Zhang, J.-P. Seifert, and S. Zhu. pBMDS: A Behavior-based Malware
Detection System for Cellphone Devices. In Proceedings of the 3rd ACM conference
on Wireless Network Security, WiSec ’10, 2010.

[9] S. Zhao, X. Li, G. Xu, L. Zhang, and Z. Feng, ”Attack tree based android malware
detection with hybrid analysis,” in Proceedings of the IEEE 13th International Con-
ference on Trust, Security and Privacy in Computing and Communications (Trust-
Com), 2014.


[10] A. Mylonas, A. Kastania, and D. Gritzalis, Delegate the smartphone user? Security
awareness in smartphone platforms, Computers & Security, vol. 34, pp. 47-66, 2013.

[11] D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji, A methodology
for empirical analysis of permission-based security models and its application to
Android, in Proceedings of the 17th ACM Conference on Computer and Communications
Security (CCS), 2010, pp. 73-84.

[12] Y. Zhou and X. Jiang, Dissecting Android malware: Characterization and evolution,
in Proceedings of the 33rd IEEE Symposium on Security and Privacy (Oakland),
2012, pp. 95-109.

[13] Y. Bengio, Learning deep architectures for AI, Foundations and Trends in Machine
Learning, vol. 2, no. 1, pp. 1-127, 2009.

[14] Android malware genome project, http://www.malgenomeproject.org, 2015.



ANNEXURE B

Figure 12.1 Canvas Model


Table 12.1 Idea Matrix



ANNEXURE C

Table 12.2 Test Case For UI: User Registration:


Table 12.3 Test Case For UI: User Login:

Table 12.4 Test Case For UI : upload advertisement:


Table 12.5 Test Case For Malware:



ANNEXURE D

Table 12.6 TimeLine Table for Project



ANNEXURE E

• Paper 1: DroidMiner: automatic Mining and classification of Fine-grained Malicious
Behaviors in Android Applications.
• Paper 2: Identify APT Malware Infections Based on Malicious DNS and Traffic
Analysis
• Paper 3: Identify APT Malware Infections Based on Malicious DNS and Traffic
Analysis
• Paper 4: Android Malware Detection Using Machine Learning Approach
• Paper 5: Study of Android Malware finding methods and Machine Learning
• Paper 6: A Machine Learning technique to Android Malware Detection.
• Paper 7: Malware Detection Techniques in Android.
• Paper 8: An review Android Antimalware that identify Malicious Dynamic Code
in Apps.
• Paper 9: Detecting Malicious Apps in Official and Alternative Android Markets.
• Paper 10: HADM: Hybrid Analysis for Detection of Malware.
1. Paper Title: Malware detection in Android App using Static and Dynamic Analysis
2. Name of the Conference/Journal where paper submitted : IJERT
3. Paper accepted/rejected : Accepted
4. Review comments by reviewer : Your Paper has been Published.
5. Corrective actions if any : None



ANNEXURE F

• Questions And Answers

1) Which algorithm did you use for implementation?

Answer:
• Patient Rule Induction Method (PRIM)
PRIM is used to learn a set of association rules that maximize a target variable of
interest, in order to obtain the top ten 2-itemset association rules that have the maximum
confidence values. In other words, these 2-itemset association rules present the two
features that tend to be simultaneously used only by Android malware.
• Bump hunting algorithm
Bump hunting refers to the procedure of mapping out local regions of the input
space (attribute/feature/predictor) where a target function of interest, usually
unknown, assumes larger (or smaller) values than its average over the entire space.
These sought-after extreme values of the target function are also known as local/global
extrema.
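
The ranking this answer describes, 2-itemset rules ordered by confidence, as an added example that is not the project's code. It enumerates feature pairs exhaustively rather than running PRIM; the feature labels, the samples and the `min_support` guard are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed samples: (features observed in the app, is_malware).
SAMPLES = [
    ({"perm:SEND_SMS", "act:sendsms", "perm:INTERNET"}, True),
    ({"perm:SEND_SMS", "act:sendsms", "perm:CALL_PHONE"}, True),
    ({"perm:SEND_SMS", "act:sendsms", "perm:INTERNET", "perm:CAMERA"}, True),
    ({"perm:INTERNET", "perm:CAMERA"}, False),
    ({"perm:INTERNET", "perm:CAMERA", "perm:SEND_SMS"}, False),
    ({"perm:INTERNET", "perm:CALL_PHONE"}, False),
]


def top_pair_rules(samples, top_k=10, min_support=2):
    """Rank rules {f1, f2} -> malware by confidence.

    confidence = (malware apps with both features) / (all apps with both).
    Pairs seen in fewer than min_support apps are dropped: a pair that occurs
    in a single malware sample would otherwise score a meaningless 1.0.
    Returns a list of (pair, confidence, support) tuples.
    """
    seen = defaultdict(int)          # apps containing both features
    seen_malware = defaultdict(int)  # malware apps containing both features
    for features, is_malware in samples:
        for pair in combinations(sorted(features), 2):
            seen[pair] += 1
            if is_malware:
                seen_malware[pair] += 1

    rules = [
        (pair, seen_malware[pair] / total, total)
        for pair, total in seen.items()
        if total >= min_support
    ]
    # Highest confidence first; ties broken by larger support, then by name.
    rules.sort(key=lambda rule: (-rule[1], -rule[2], rule[0]))
    return rules[:top_k]


if __name__ == "__main__":
    for pair, confidence, support in top_pair_rules(SAMPLES):
        print("%-40s confidence=%.2f support=%d" % (" + ".join(pair), confidence, support))
```

A pair with confidence 1.0 and adequate support is one that, in the labelled set, was only ever seen together in malware, which is what the answer means by features "simultaneously used only by Android malware".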

2) How your application and your project are used in real life?
Answer:
• Provide security in android application.
• Protect Android devices.

3) Have you got sponsorship for it?

Answer:
No, no sponsorship is provided.

4) How are you detecting malware in Android?

Answer:
To detect malware in an Android app, we conduct static and dynamic analyses to
extract features from each app. In the static phase, we uncompress the .apk file with the
7-Zip tool and parse the AndroidManifest.xml and classes.dex files with the tool TinyXml.
An Android app requires some permissions. Then the chmod function is called for changing
users' permissions on files.


In the dynamic phase, DroidBox is an Android application that monitors a variety
of app actions such as information leaks, network and file input/output, cryptography
operations, Short Message Services (SMS), and mobile phone calls. For example, action
sendnet is the action that sends data over the network, action phone calls is the action
that makes a phone call, and action send sms is the action that sends SMS messages.
Each feature is binary: when a feature occurs in an app, its feature value
is 1; otherwise, its feature value is 0.

5) What is approximate Hardware Cost?


Answer:
Total hardware cost is Rs. :
• Android device - 2000
• Internet connection - 200
• App launching - 300

6) What is Front end and Back end of project?


Answer:
• Front end : XML
• Back end : JAVA,Eclipse

7) Difference between static and dynamic analysis?


Answer:
In the static phase, we uncompress the .apk file with the 7-Zip tool and then focus
on parsing the two files AndroidManifest.xml and classes.dex. By parsing the
AndroidManifest.xml file with the tool AXML-Printer2 and the parser TinyXml, we can obtain
the permissions required by the app.
For example, android.permission.CALL_PHONE is the permission required for an app to
make a phone call and android.permission.CAMERA is the permission required for an app
to access the camera. By parsing the classes.dex file with the disassembler baksmali, we
can know which API functions are called. For example, chmod is a sensitive API that
might be used for changing users' permissions on files and ContentResolver delete is a
sensitive API that might be used for deleting users' messages or contacts.


In the dynamic phase, we install and run each app in DroidBox, an Android application
sandbox that extends TaintDroid, which can execute a dynamic taint analysis with
system hooking at the application framework level and monitor a variety of app actions
such as information leaks, network and file input/output, cryptography operations, Short
Message Services and mobile phone calls. In this study, we ran the apps inside DroidBox
for a period of time to obtain the executed app actions of each app. For instance,
action sendnet is the action that sends data over the network, action phone calls is the
action that makes a phone call, and action sendsms is the action that sends SMS messages.
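
Added example, not the project's code: how the static and dynamic observations described in answers 4 and 7 become one feature vector, in the binary form the report uses and in the count-valued form the conclusion proposes. It assumes the manifest has already been decoded to text XML and classes.dex disassembled to smali; the ten-slot feature list, the `chmod` string heuristic, the action labels and all sample inputs are constructed.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed 10-slot feature dictionary (the report's model uses 192 features).
PERMISSIONS = [
    "android.permission.CALL_PHONE",
    "android.permission.CAMERA",
    "android.permission.SEND_SMS",
    "android.permission.INTERNET",
]
SENSITIVE_APIS = [
    "Landroid/content/ContentResolver;->delete",
    "Landroid/telephony/SmsManager;->sendTextMessage",
    "chmod",  # heuristic (assumption): a string constant that starts a chmod command
]
DYNAMIC_ACTIONS = ["sendnet", "phonecalls", "sendsms"]  # assumed action labels

# Smali call site: invoke-<kind> {registers}, Lclass;->method(args)ret
INVOKE_RE = re.compile(r"^\s*invoke-[\w/]+ \{[^}]*\}, (L[^;]+;->[\w$<>]+)\(")
CONST_STRING_RE = re.compile(r'^\s*const-string(?:/jumbo)? \w+, "(.*)"\s*$')

# Constructed inputs. The duplicate SEND_SMS entry is deliberate.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="demo"/>
</manifest>"""

SAMPLE_SMALI = """.method public run()V
    invoke-virtual {v0, v1, v2, v2}, Landroid/content/ContentResolver;->delete(Landroid/net/Uri;Ljava/lang/String;[Ljava/lang/String;)I
    invoke-virtual {v0, v3, v2, v2}, Landroid/content/ContentResolver;->delete(Landroid/net/Uri;Ljava/lang/String;[Ljava/lang/String;)I
    const-string v4, "chmod 777 /data/local/tmp/constructed"
    invoke-virtual/range {v5 .. v10}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
.end method
"""

SAMPLE_ACTIONS = ["sendsms", "sendsms", "sendnet"]  # one entry per observed action


def parse_permissions(manifest_xml):
    """Return the set of permission names requested in a decoded manifest."""
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError as exc:
        # The manifest inside an .apk is binary XML; it must be decoded first.
        raise ValueError("manifest is not decoded text XML: %s" % exc) from exc
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {name for name in names if name}


def count_api_calls(smali_text):
    """Count call sites of each sensitive API in disassembled smali text."""
    counts = Counter()
    for line in smali_text.splitlines():
        call = INVOKE_RE.match(line)
        if call:
            if call.group(1) in SENSITIVE_APIS:
                counts[call.group(1)] += 1
            continue
        literal = CONST_STRING_RE.match(line)
        if literal and literal.group(1).split()[:1] == ["chmod"]:
            counts["chmod"] += 1
    return counts


def build_vector(manifest_xml, smali_text, actions, binary=True):
    """Feature vector ordered as PERMISSIONS + SENSITIVE_APIS + DYNAMIC_ACTIONS.

    binary=True gives the 0/1 encoding; binary=False keeps occurrence counts
    for API calls and dynamic actions (permissions are presence-only).
    """
    perms = parse_permissions(manifest_xml)
    apis = count_api_calls(smali_text)
    acts = Counter(actions)
    raw = (
        [1 if p in perms else 0 for p in PERMISSIONS]
        + [apis[a] for a in SENSITIVE_APIS]
        + [acts[a] for a in DYNAMIC_ACTIONS]
    )
    return [min(v, 1) for v in raw] if binary else raw


if __name__ == "__main__":
    print("binary:", build_vector(SAMPLE_MANIFEST, SAMPLE_SMALI, SAMPLE_ACTIONS))
    print("counts:", build_vector(SAMPLE_MANIFEST, SAMPLE_SMALI, SAMPLE_ACTIONS, binary=False))
```

The two encodings differ only in the slots where something happened more than once (here the two `ContentResolver;->delete` call sites and the two `sendsms` actions), which is the extra signal the count-valued variant carries.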

8) Which permission of smart phone do you need to implement your app on it?
Answer:
Smart phones continue to grow in popularity and are now as powerful and functional
as many computers. It is important to protect your smart phone just like you protect
your computer, as mobile cyber security threats are growing. Mobile security tips can help
you reduce the risk of exposure to mobile security threats.
1. Set PINs and passwords:-
To prevent unauthorized access to your phone, set a password or Personal Identification
Number (PIN) on your phone's home screen as a first line of defence in case your phone is
lost or stolen. When possible, use a different password for each of your important log-ins
(email, banking, personal sites, etc.).
2. Do not modify your smart phone's security settings:- Do not alter security settings for
convenience. Tampering with your phone's factory settings, or rooting your phone,
undermines the built-in security features offered by your wireless service and smart phone,
while making it more susceptible to an attack.
3. Backup and secure your data:- You should back up all of the data stored on your
phone such as your contacts, documents, and photos. These files can be stored on your
computer, on a removable storage card, or in the cloud.
4. Only install apps from trusted sources:- Before downloading an app, conduct research
to ensure the app is legitimate. Checking the legitimacy of an app may include such things
as: checking reviews, confirming the legitimacy of the app store, and comparing the app
sponsor's official website with the app store link to confirm consistency.
5. Understand app permissions before accepting them:- You should be cautious about


granting applications access to personal information on your phone or otherwise letting
the application have access to perform functions on your phone. Make sure to also check
the privacy settings for each app before installing.
6. Install security apps that enable remote location and wiping:- An important security
feature widely available on smart phones, either by default or as an app, is the ability to
remotely locate and erase all of the data stored on your phone, even if the phone's GPS
is off.
7. Accept updates and patches to your smart phone's software:- You should keep your
phone's operating system software up-to-date by enabling automatic updates or accepting
updates when prompted from your service provider, operating system provider, device
manufacturer, or application provider.
8. Be smart on open Wi-Fi networks:- When you access a Wi-Fi network that is open to
the public, your phone can be an easy target of cyber criminals. You should limit your
use of public hotspots and instead use protected Wi-Fi from a network operator you trust
or a mobile wireless connection to reduce your risk of exposure, especially when accessing
personal or sensitive information.
9. Wipe data on your old phone before you donate, resell or recycle it:- Your smartphone
contains personal data you want to keep private when you dispose of your old phone. To
protect your privacy, completely erase data off of your phone and reset the phone to its
initial factory settings.
10. Report a stolen smart phone:- The major wireless service providers, in coordination
with the FCC, have established a stolen phone database. If your phone is stolen, you
should report the theft to your local law enforcement authorities and then register the
stolen phone with your wireless provider.

9) What is the difference between a computer virus and malware?


Answer:
The difference between "viruses" and "malware": viruses are a specific type of malware
(designed to replicate and spread), while malware is a broad term used to describe all
sorts of unwanted or malicious code. Malware can include viruses, spyware, adware,
nagware, trojans, worms, and more.


10) What is contribution of your project?


Answer:
1. Our aim is to develop a technology based on Android malware detection.
2. This technology is used to detect malware in mobile Android apps.
3. We provide security to mobile and computer systems.
4. We also provide safety to the personal information of the user.
5. Example: information leaks, network and file input/output, cryptography
operations, Short Message Services (SMS), and mobile phone calls.
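
The behaviour categories named in point 5 can be approximated statically from the permissions an app requests, which is also what point 5 of the earlier question on permissions asks users to review. The following is an added example, not the project's own code; it assumes a manifest already decoded to text XML, and the permission-to-category grouping, the sample manifest and the function names are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed grouping (not from the report) of real Android permissions under
# the behaviour categories the answer lists.
CATEGORY_BY_PERMISSION = {
    "android.permission.SEND_SMS": "SMS",
    "android.permission.READ_SMS": "SMS",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.CALL_PHONE": "phone calls",
    "android.permission.READ_CONTACTS": "information leaks",
    "android.permission.ACCESS_FINE_LOCATION": "information leaks",
    "android.permission.READ_PHONE_STATE": "information leaks",
    "android.permission.INTERNET": "network",
    "android.permission.READ_EXTERNAL_STORAGE": "file input/output",
    "android.permission.WRITE_EXTERNAL_STORAGE": "file input/output",
}

# Constructed sample: a decoded manifest for a hypothetical flashlight app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.CALL_PHONE"/>
  <uses-permission/>
</manifest>"""

def permissions_by_category(manifest_xml):
    """Group the requested permissions by behaviour category."""
    root = ET.fromstring(manifest_xml)
    found = {}
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(ANDROID_NS + "name")  # None if attribute missing
            category = CATEGORY_BY_PERMISSION.get(name)
            if category:
                found.setdefault(category, set()).add(name)
    return {cat: sorted(perms) for cat, perms in found.items()}

def can_send_data_off_device(categories):
    """Assumed heuristic: private-data access together with network access."""
    sensitive = {"information leaks", "SMS"} & set(categories)
    return bool(sensitive) and "network" in categories
```

Cryptography operations have no corresponding permission, so that category cannot be covered by a manifest check and needs code-level or runtime analysis.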

• Installation process of Android

Google provides Android Studio for the Windows, Mac OS X, and Linux platforms.
You can download this software from the Android Studio homepage. (You'll also find the
traditional SDKs, with Android Studio's command-line tools, available from the
Downloads page.)
1. Go to https://developer.android.com/studio/index.html
2. Click on the green DOWNLOAD ANDROID STUDIO FOR WINDOWS button.
3. Now check "I have read and agree with above terms and conditions". Then click on
the sky-blue DOWNLOAD ANDROID STUDIO FOR WINDOWS button.
4. Your download will now begin. The downloaded file will be approximately 1.09 GB
in size because it contains both Android Studio and the Android SDK, with the latest
version of Android, Marshmallow 6.0.
5. Double-click on the file or choose Run as administrator. Wait 1-2 minutes while the
installer is verified and loaded.
6. Press Yes on the User Account Control pop-up box.
7. You will now see the Android Studio setup welcome wizard.
8. Check Android Studio, Android SDK, and Android Virtual Device, then click on the Next
button.
9. Click on the I Agree button.
10. Now set the configuration settings (set the Android Studio and Android SDK folder
paths here; you can set a custom folder and path).
11. Click on the Install button.


12. After this procedure, Android Studio with the Android SDK Manager will begin to install.
Here you go, friends: Android Studio is now successfully installed on your Windows PC.

Table 12.7 Test Case For UI: User Registration:


Annexure II Information of Project Group Member

• Name: Rachana Hiralal Sonawane


• Date Of Birth: 21-01-1995
• Gender: Female
• Permanent Address: Flat No.17, Rajlaxmi soc., Kala Nagar, Indira nagar, Nashik-
422009
• E-mail: rachanasonawane.rs21@gmail.com
• Mobile/Contact No.: 9130104358
• Paper Published: IOSR


• Name: Priyanka Kailas Tate


• Date Of Birth: 23-07-1995
• Gender: Female
• Permanent Address: Behind Dwaraka Bust Stop, Near Old I.D hospital, Dwaraka
Nashik-422001.
• E-mail: priyankatate95@gmail.com
• Mobile/Contact No.: 8600717387
• Paper Published: IOSR


• Name: Sagar Ananda Shinde


• Date Of Birth: 28-05-1992
• Gender: Female
• Permanent Address: At Post Vadajai Tal, Dist Dhule
• E-mail: shindesagar775@gmail.com
• Mobile/Contact No.: 7757071680
• Paper Published: IOSR
