SigColDroid: An Efficient and Reliable Approach to Discriminate Colluding Applications from Single-App Malware Based on Significant Permissions Intelligence

preprint OA: closed CC-BY-4.0
📄 Open PDF View at publisher

Abstract

Abstract Mobile devices are vulnerable to malicious apps that jeopardize user privacy and device integrity. Thisincludes single-app malware that operates independently and colluding Android apps that collaboratewith each other to carry out a malicious attack. Existing detection methods primarily focus on single-appmalware and hence will misclassify colluding Android apps. This paper introduces SigColDroid, a novelapproach for detecting colluding Android apps and single-app malware by leveraging dangerous permissions.The research begins by extracting and identifying key features, such as permissions, smali file size, andpermission rates, for model training. To facilitate comprehensive evaluation, a balanced dataset of 1,455apps is created, consisting of 485 benign apps, 485 randomly sampled single-app malware from theAndroZoo repository, and 485 colluding applications. Extensive experimentation is conducted using fiveensemble classifiers: random forest, Extra Trees, AdaBoost, XGBoost, and LightGBM. The classifiers areevaluated based on five metrics: Precision, Recall, F1-score, accuracy, and the area under the receiveroperation curve (ROC_AUC). The experimental findings highlight the following key insights: (i) Identificationof the five most significant permission features for detecting colluding applications; (ii) Positive impact ofsmali file size and permission rates on classification performance; (iii) Superior performance of RandomForest with a ROC_AUC of 99.48% and LightGBM with 96.91% accuracy, 96.96% precision, 96.90% recalland 96.90% F1-score compared to other classifiers; (iv) Comparative analysis with previous researchdemonstrates that SigColDroid, despite utilizing fewer features, outperforms state-of-the-art approaches.The proposed approach presents an effective solution for detecting colluding Android apps using permissionsand contributes to the advancement of improved detection and prevention mechanisms in mobile security

My notes (saved in your browser only)

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2024) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.

Source provenance

europepmc
last seen: 2026-05-20T01:45:00.602351+00:00
unpaywall
last seen: 2026-05-28T02:00:01.590549+00:00
License: CC-BY-4.0