A

Project Report

On
“Malware Detection on
Android Smartphone”
Partial Fulfillment of the Requirement for the Diploma in Computer Engineering,

By
1) Ghungarde Rutuja Shivaji [2214640024]

2) Jadhav Payal Bhausaheb [2214640038]

3) Karle Nita Satish [2214640041]

Guided By

Prof. Hole P.P

Sakeshwar Gramin Vikas Seva Sanstha's

Sau.Sundarbai Manik Adsul Polytechnic
Chas, Nimblak By Pass Road, Ahmednagar
Maharashtra State Board of Technical
Education(2024-2025)
 Sakeshwar Gramin Vikas Seva Sanstha's
Sau.Sundarbai Manik Adsul Polytechnic
Department Of Computer Engineering.

CERTIFICATE
This is to certify that the project work entitled
“Malware Detection on
Android Smartphone”

is

Submitted by
1)Ghungarde Rutuj Shivaji [2214640024]

2)Jadhav Payal Bhausaheb [2214640038]

3)Karle Nita Satish [2214640041]

In the partial fulfillment of Diploma in Computer Engineering has been

Satisfactory carried out under my guidance as per the requirement of
Maharashtra State Board of Technical Education, Mumbai during the academic
year 2024-2025.

Date:
Place: Chas, Nimblak By Pass Road, Ahmednagar,

GUIDE HOD PRINCIPAL

(Prof. Hole P.P.) ( Prof.Hole P.P.) ( Prof.Gadakh R.S.)
 CERTIFICATE

This is to certify that Mr/Ms: Ghungarde Rutuja Shivaji ………………..

From Sau.Sundarbai Manik Adsul Polytechnic College having Enrollment No: 2214640024…………
has completed Report on the Semester V Project Report having title: Malware Detection on Android
Smartphone ……………………………………….
individually/in a group Consisting of 3 persons under the guidance of the faculty Guide.

Name & Signature of Guide: Prof.Hole P.P

Name & Signature of HOD:Prof.Hole P.P

 Acknowledgments

I here by take this opportunity to express my heart felt gratitude towards the people
whose help is very useful to complete my dissertation work on the topic of
“Malware Detection on Android Smartphone.” Inspiration and Guidance are
invaluable in all aspects of life especially on the fields of gratitude and obligation and
sympathetic attitude which I received from my respected project Guide, Prof.Hole
P.P. whose guidance and encouragement contributed greatly to the completion of
this thesis work.

I would like to thank to all faculty members Prof. Hole P.P HOD of Computer
Engineering Department and all my friends and well-wishers for their co-operation
and supports in making this thesis work successful.

I would also like to thank our Principal Prof.Gadakh R.S. for his warm sup- port
and providing all necessary facilities to us. Under these responsible personalities, I have
been efficiently able to complete my thesis in time with success

Ghungarde Rutuja Shivaji

Jadhav Payal Bhausaheb

Karle Nita Satish

 ABSTRACT

In the modern era, millions of mobile apps are available, making it hard for users to
distinguish fraudulent ones, especially on platforms like the Play Store. Detecting new
malware and malicious variants has been challenging. This system proposes a method for
feature extraction from Python source code, using Keywords Correlation Distance (KCD) to
analyze key elements such as API calls, Android permissions, and common parameters in
malware code. By applying SVM, the system can adapt to identify new and existing malware,
combining behavioral characteristics to enhance detection accuracy.
 CONTENT PAGE

Chapter 1 INTRODUCTION

1.1 Existing System

1.2 Motivation

1.3 Proposed System……………………………………………………….......

1.4 Feasibility Study

Chapter 2 LITERATURE SURVEY

2.1 Literature survey…………………………………………….................

Chapter 3 SCOPE OF PROJECT

3.1 Problem Definition…………………………………………….......................

3.2 Description…………………………………………….......

3.3 Aim…………………………………………….........................

3.4 Objectives……………………………………………..........................

3.5 Features……………………………………………..........................

3.6 Advantages………………………………………………………….

Chapter 4 METHODOLOGY

4.1 Proposed System Design

4.2 Modules

4.3 System Requirements Specification

4.4 Functional Requirements

4.5 Software and Hardware Requirements

4.6 Software Life Cycle

Chapter 5 DETIALED DESIGN

5.1 System Design

5.2 System Architecture

5.3 Analysis Model

5.4 Implementation Plan

Chapter 6 CONCLUSION

REFERENCES
 CHAPTER:1
INTRODUCTION

Android malwares have increased significantly in recent years. Smartphone is performing

a more and more important role in daily life. There is no doubt that Android has become the

most popular platform for smart phone today. This trend has attracted attention of attackers,

more and more malicious applications emerged in the official and alternative Android

marketplaces. Malware is an abbreviation for two words malicious and software. Actually, it

is software that included in the computer system for malicious purposes, without any

knowledge from the computer owner. It may be used to collect important information, or gain

access to computer systems. The seriousness of malicious software ranges from hurt the users

with annoying Ads to steal important data. With the advent of the Internet era, the smart

phones in the world are also getting more and more popular, especially the smart phone with

Android operating system with its excellent performance.

1.1. EXISTING SYSTEM:

 Signature-Based Detection: Early mobile antivirus solutions operated similarly to their

desktop counterparts, using a database of known malware signatures to detect malicious

apps. When an app was scanned, its code was compared against this database, and if a

match was found, the app was flagged as malware. Technical Analysis: Relies on past

market data, primarily price and volume, to predict future market movements.

 Permission-Based Analysis: Early detection systems often focused on analyzing the

permissions requested by an app. Apps that requested permissions beyond what was

necessary for their functionality were flagged as suspicious.

 1.2. MOTIVATION
Android malwares have increased significantly in recent years. It has been high-lighted

that among all mobile malware, the share of Android based malware is higher than 46 percent

and still growing rapidly Given the rampant growth of Android mal-ware, there is a pressing

need to effectively mitigate or defend against them.

1.3. PROPOSED SYSTEM:

This system proposes a method for feature extraction from Python source code, using

Keywords Correlation Distance (KCD) to analyze key elements such as API calls, Android

permissions, and common parameters in malware code. By applying SVM, the system can

adapt to identify new and existing malware, combining behavioral characteristics to enhance

detection accuracy.

• Malware detection in mobile apps provides critical security benefits, protecting user data,

enhancing device performance, and maintaining the trustworthiness of mobile ecosystems.

• These advantages contribute to a safer, more reliable mobile environment, benefiting both

users and developers while supporting compliance with regulatory standards and

minimizing the costs associated with malware incidents.

1.4. FEASIBILITY STUDY:

All projects are feasible, given unlimited resources and infinite time. But the development

of software is plagued by the scarcity of resources and difficult delivery rates.It is prudent to

evaluate the feasibility of the project at the earliest possible time. Three keyconsiderations are

involved in feasibility analysis. Three key considerations are involved in feasibility analysis.
 1.4.1 TECHNICAL FEASIBILITY:

Technical feasibility Centre’s on the existing system (Hardware, Software etc.,) and to

what extent it can support the proposed addition. If the budget is a serious constraint, then the

project is judged not feasible.

1.4.2 COST OF THE PROJECT:

Cost estimation factors in elements such as:

• Labor: The cost of team members’ wages and time working on the project

• Materials and equipment: Physical tools, software, legal permits, and the like

• Facilities: The use of external workspaces

• Vendors: Third-party vendors and/or contractors

• Risk: Contingency plans to reduce risk

If the project is a go, the project manager must devise a budget based on the cost

estimation document, allocating resources properly. Managing that budget is key to the

project’s success. If certain pieces of the project end up costing more or less than anticipated,

the project manager will need to manage the risk and reallocate funds as necessary.

1.4.3 OPERATIONAL FEASIBILITY:

People are inherently resistant to change, and computers have been known to facilitate

change. It is understandable that the introduction of a candidate system requires special effort

to educate, sell, and train the staff on new ways of conducting business.
 CHAPTER:2
LITERATURE SURVEY

2.1 LITERATURE SURVEY:

1. Title : Examining Features for Android Malware Detection

Author:M. Leeds, M. Keffeler,T.Atkison

Mobile malware is a constant threat for Android users.As these devices be come

increasingly important in our daily lives, it is of the utmost importance to ensure their

safety and security.

2. Title : Android Malware Detection and Protection: A Survey

Author: Saba Arshad,Abid Khan, Munam Ali Shah, Mansoor Ahmed.

A detailed performance evaluation of these antimalware techniques is also pro-vided and

the benefits and limitations of these antimalware are deduced comprehensively

3. Title : An Intelligent Methodology for Malware Detection in Android Smart-phones Based

Static Analys

Author: Ahmed H.Mostafa, Marwa M. A.Elfattah and Aliaa A. A. Youssif

It takes into account various features based on permissions declared in ndroid-

Manifest.xml file and methods and APIs used in the applications.Authors ex-tracted the

features from 650 application divided into 325 for malware repre-senting 89 malware

families and 325 benign applications.

4. Title: Smartphone Applications, Malware and Data Theft

Author:Lynn M. Batten,Veelasha Moonsamy and Moutaz Alazab

Authors introduced a new Application Programming Interface (API) as well as two

additional permissions and applied a method known as privilege separation, which extracts

the advertising component from the main functionality component of the Application.

5. Title : Detection, Classification and Characterization of Android Malware Us-ing API

Data Dependency

Author: Yongfeng Li, Tong Shen, Xin Sun, Xuerui Pan, and Bing Mao

Authors proposed DroidADDMiner,an efficient and precise system to detect, classify and

characterize Android malware DroidADDMiner is a machine learn-ing based system that

extracts features based on data dependency between sensitive APIs. It extracts API data

dependence paths embedded in app to construct feature vectors for machine learning.
 CHAPTER:3
SCOPE OF THE PROJECT

3.1. PROBLEM DEFINITION

Because of rampant growth of Android malware, there is a pressing need to develop a system

which effectively mitigate or defend against them. To detect whether or not the app possesses

the characteristics of benign and relate between the apps features and the features that are

needed to deliver its category’s functionalities.

3.2. DESCRIPTION:

Android malwares have increased significantly in recent years. It has been high-lighted that

among all mobile malware, the share of Android based malware is higher than 46percent and

still growing rapidly Given the rampant growth of Android mal-ware, there is a pressing need

to effectively mitigate or defend against them. With the popularity of Android devices, more

and more Android malware is manufactured every year. How to filter out malicious app is a

serious problem for app markets. Analyzing applications in order to identify malicious ones

is a current major concern in information security; In view of the traditional feature extraction

method based on binary program, this paper presents a method for feature extraction of JAVA

source code. The method uses the Keywords Correlation Distance to compute the correlation

between key codes such as API calls, Android permissions, the common param-eters, and the

common key words in Android malware source code. Then SVM is applied to make the

system gain to accommodate the function of the new malicious software sample, so as to

detect new malicious software and existing malwares.

 3.3 AIM:

To develop a system which effectively mitigate malware detection focus on identifying the

features of malicious apps by using machine learning techniques to recognize and model the

malicious patterns of static features and dynamic behaviors of malware.

3.4. OBJECTIVES:

1. To develop a system which effectively mitigate or defend against malware.

2. To develop system which observe applications run time dynamic behavior.

3.5. FEATURES:

• Malware detection in mobile apps provides critical security benefits, protecting user data,

enhancing device performance, and maintaining the trustworthiness of mobile ecosystems.

• These advantages contribute to a safer, more reliable mobile environment, benefiting both

users and developers while supporting compliance with regulatory standards and

minimizing the costs associated with malware incidents.

3.6 ADVANTAGES:

1. Protects User Data and Privacy

Prevents Data Theft: Malware detection helps prevent unauthorized access to sensitive

information such as contacts, messages, photos, and financial data, safeguarding users

from identity theft and fraud.

2. Enhances Device Security

Prevents Unauthorized Access: Malware detection systems can identify and block apps

that attempt to exploit vulnerabilities in the operating system or other apps, preventing

unauthorized access to the device.

 CHAPTER:4
METHODOLOGY

4.1 PROPOSED SYSTEM DESIGN

Figure shows schematic of system architecture. Our system uses a feature ex-traction method

based on keywords correlation distance which is different from the traditional method based

on binary program. In this method Java code is extracted from apk file and keyword extraction

is done also, permissions in android manifest file are checked. Second, we use feature vector

to describe malicious software fea-ture including not only API’s, but also the Android

Malware Detection Using Key-word Vector & SVM common parameters and common

package etc. Third, we give a malware detection method through SVM based on the feature

vector set, which can detect new malwares and malicious software variants.which can detect

new malwares and malicious software variants.

4.2) MODULES
1) Feature Extraction: The feature extraction module is responsible for the feature extraction

a) Decompiling: In this module we unzip Android application package(APK) to get the

Mani-fest.xml file in the root directory then we use the open source software dex2jarand

jadnt158 to decompile the classes.dex in the directory.

b) Selection of Keywords : We select five representative keywords set according to the

observation of malwares i. Android Permission ii. Activity Action Intent Parameter iii.

Broadcast Intent Action Constant iv. The commonly Package Name v. API Call

c) Statistic keywords : In this module we record the frequency and location of every

keyword in class of APK and in the configuration file, to storage the information using

matrix then use Keywords Correlation Distance algorithm calculated the distance be tween

the two keywords

2) Machine Learning Machine learning module is responsible for classification

And decision making.

d) Classification : We present a classification method based on SVM(Support Vector

Machine).SVM is a supervised learning model with associated learning algorithms that

analyze data used for classification and regression analysis.

e) Training module : We use LIBSVM is a library for Support Vector Ma-chines to train.

The steps of training are shown as follows:

(a) Prepare training samples and testing samples.

(b) Build java project, import LibSVM jars.

(c) Put the training samples and testing samples under the project direc-tory,also you

can build a directory by yourself.

2) Decision This module we classify the keyword sets as seven types:

a) NETWORK

b) PHONESTATE

c) SYSTEMINFO

d) GPSLOCATION

e) WRITESTORAGE

f) BULETOOTN

g) SMS

4.3. SOFTWARE REQUIREMENT SPECIFICATION (SRS)

 Purpose: The main purpose for preparing this document is to give a general insight into the

analysis and requirements of the existing system or situation and for determining the operating

characteristics of the system.

 Scope: This Document plays a vital role in the development life cycle (SDLC) and it

describes the complete requirement of the system. It is meant for use by the developers and

will be the basic during testing phase. Any changes made to the requirements in the future will

have to go through formal change approval process.

4.4. FUNCTIONAL REQUIREMENTS

Functional user requirements may be high-level statements of what the system should do but

functional system requirements should also describe clearly about the system services in

detail. The following are the key fields, which should be part of the functional requirements:

 User: Execute the task

 Usability: This relates to how easily people can use your app. A measure of usability could

be the time it takes for end users to become familiar with your app’s functions, without

training or help.
 Reliability: This is the percentage of time that your app works correctly to deliver the desired

results, despite potential failures in its environment.

 Performance: This is essentially how fast your app works. A performance requirement for

the app could be start in less than 20 seconds.

 Responsiveness: This requirement ensures that your app is ready to respond to a user’s input

or an external event no matter what it’s doing currently.

4.5. SOFTWARE AND HARDWARE REQUIREMENT

4.5.1. Software Requirements

1. Operating System: Windows 7 or 10

2. Programming Language: Java

3. Toolkit: Android 2.3

4. IDE: Android Studio

4.5.2. Hardware Requirements

1. System : Core2 Duo 2.4 GHz

2. Hard Disk: 32 GB

3. RAM: 2GB or Higher

4. Android Device 3.

5 Software Engineering Methodology

4.6. SOFTWARE LIFE-CYCLE

SDLC used in this Project The Waterfall Model was first Process Model to be introduced. It
is also referred to as a linear-sequential life cycle model. It is very simple to understand and
use. In a waterfall model, each phase must be completed fully before the next phase can
begin. This type of model is basically used for the for the project which is small and there are
no uncertain requirements At the end of each phase, a review takes place to determine if the
project is on the right path and whether or not to continue or discard the project. In this model
the testing starts only after the development is complete. In waterfall model phases do not
overlap.
 CHAPTER:5
DETAILS OF DESIGNS, WORKING & PROCESS

5.1 SYSTEM DESIGN:

Systems design is the process of defining elements of a system like modules,
architecture, components and their interfaces and data for a system based on the specified
requirements. It is the process of defining, developing and designing systems which satisfies
the specific needs and requirements of a business or organization.
A systemic approach is required for a coherent and well-running system. Bottom-Up
or Top-Down approach is required to take into account all related variables of the system. A
designer uses the modelling languages to express the information and knowledge in a
structure of system that is defined by a consistent set of rules and definitions. The designs
can be defined in graphical or textual modelling languages.

Some of the examples of graphical modelling languages are:

a. Unified Modelling Language (UML): To describe software both structurally and
behaviourally with graphical notation.
b. Flowchart : A schematic or stepwise representation of an algorithm.
c. Business Process Modelling Notation (BPMN): Used for Process Modelling language.
d. Systems Modelling Language (SysML): Used for systems engineering.

5.2 SYSTEM ARCHITECTURE:-

The architecture of a system describes its major components, their relationships
(structures), and how they interact with each other. Software architecture and design includes
several contributory factors such as Business strategy, quality attributes, human dynamics,
design, and IT environment.
 Fig. 51 System Architecture

5.3 ANALYSIS MODEL:

Analysis model operates as a link between the 'system description' and the 'design
model'.In the analysis model, information, functions and the behaviour of the system is
defined and these are translated into the architecture, interface and component level design in
the 'design modeling'.

5.3.1 DATA FLOW DAIGRAM (DFD):

A data-flow diagram (DFD) is a way of representing a flow of a data of a process or a
system The DFD also provides information about the outputs and inputs of each entity and the
process itself. A data-flow diagram has no control flow, there are no decision rules and no
loops. Specific operations based on the data can be represented by a flowchart.
 It shows how data enters and leaves the system, what changes the information, and
where data is stored. The objective of a DFD is to show the scope and boundaries of a system
as a whole. It may be used as a communication tool between a system analyst and any person
who plays a part in the order that acts as a starting point for redesigning a system. The DFD is
also called as a data flow graph or bubble chart.

Fig 5.2 Level 0 Data Flow Diagram

Fig 5.3 Level 1 Data Flow Diagram

5.3.2 UML DAIGRAMS:

UML is an acronym that stands for Unified Modeling Language. Simply put, UML is a modern
approach to modeling and documenting software. It is based on diagrammatic representations
of software components. As the old proverb says: “a picture is worth a thousand words”. By using
visual representations, we are able to better understand possible flaws or errors in software or
business processes.
The UML Class diagram is a graphical notation used to construct and visualize object
oriented systems. A class diagram in the Unified Modeling Language (UML) is a type of static
structure diagram that describes the structure of a system by showing the system's:
 classes,

 their attributes,

 operations (or methods),

 and the relationships among objects.

5.3.3.1 USE CASE DAIGRAM:

A use case describes how a user uses a system to accomplish a particular goal. A use
case diagram consists of the system, the related use cases and actors and relates these to each
other to visualize: what is being described? (system), who is using the system? (actors) and
what do the actors want to achieve? (use cases), thus, use cases help ensure that the correct
system is developed by capturing the requirements from the user's point of view.

A use case is a list of actions or event steps typically defining the interactions between
a role of an actor and a system to achieve a goal. A use case is a useful technique for
identifying, clarifying, and organizing system requirements. A use case is made up of a set of
possible sequences of interactions between systems and users that defines the features to be
implemented and the resolution of any errors that may be encountered.
Fig. 5.4 Use Case Diagram
5.3.3.2. CLASS DIAGRAM:

Class diagram is a static diagram. It represents the static view of an application. Class

diagram is not only used for visualizing, describing, and documenting different aspects of a

system but also for constructing executable code of the software application.

Class diagram describes the attributes and operations of a class and also the constraints

imposed on the system. The class diagrams are widely used in the modeling of objectoriented

systems because they are the only UML diagrams, which can be mapped directly with object-

oriented languages.

Class diagram shows a collection of classes, interfaces, associations, collaborations,

and constraints. It is also known as a structural diagram.

Fig. 5.5 Class Diagram

 5.3.3.3. ACTIVITY DIAGRAM

Activity diagram focuses on flow of control from activity to activity. It shows work flow of
our model. Above figure shows activity states, transitions, loops, decision nodes and concurrent
activities use by our proposed system.

Fig. 5.6 Activity Diagram

 5.3.3.4. SEQUENCE DIAGRAM

One sequence diagram typically represents a single Use Case ’scenario’ or own of
events.Sequence diagrams are an excellent way of documenting usage scenarios and both
capturing required objects early in analysis and verifying object use later in design. The diagrams
show the own of messages from one object to another, and as such correspond to the methods and
events supported by a class/object.

Fig. 5.7 Sequence Diagram

5.4. IMPLEMENTATION DETAILS:
 CHAPTER:6
CONCLUSION

In this system we proposed an extraction method of Android malware detection based on

KCD. Then we combine the feature into keywords feature vector. Finally, learn and decision

by SVM for detecting new malware and malicious variant. This system is different from

conventional methods. Experiments will show the method is effective and efficient in

detecting malwares on Android platforms

  References:

[1] M. Leeds, M. Keffeler, T. Atkison, “ Examining Features for Android Malware Detection ”
Computer Science Department, University of Alabama, Tuscaloosa, AL, USA Intel Conf.
Security and Management SAM’17 ISBN: 1-60132-467-7, 2017.
[2] Saba Arshad, Abid Khan, Munam Ali Shah, Mansoor Ahmed, “ Android Mal-ware Detection &
Protection: A Survey” (IJACSA) International Journal of Advanced Computer Science and
Applications, Vol. 7, No. 2, 2016.
[3] Ahmed H. Mostafa, Marwa M. A. Elfat tah and Aliaa A. A. Youssif, “ An In-telligent
Methodology for Malware Detection in Android Smartphones Based Static Analysis ”,
International Journal of Communication 2016
[4] Lynn M. Batten, Veelasha Moonsamy and Moutaz Alazab, “ Smartphone Ap plications,Malware
and Data Theft ” Springer Science Business Media Singa-pore 2016.
[5] Yongfeng Li(B), Tong Shen, Xin Sun, Xuerui Pan, and Bing Mao, “Detection, Classification
and Characterization of Android Malware Using API Data De-pendency ”, Institute for
Computer SciencesSocial Informatics and Telecom-munications Engineering 2015.
 ANNEXURE II
Evaluation Sheet for the Micro Project
Academic Year : 2024-2025

Name of Faculty: Prof. Edake.P.S

Course: CPP Course Code: 22058 Semester: 5th

Title of the Project: Malware Detection on

Android Smartphone
COs addressed by the Micro Project:

A: We understanding the basic concept of “Malware Detection on Android Smartphone”.

B: We understanding the approach for Detection.

Major learning outcomes achieved by students by doing the Project:
(a)Practical outcomes:
1. We able to understanding the Robust Machine Learning Models.
2. We able to understanding Educational Insight for users.

Comments/Suggestion about team work/leadership/inter-personal communication (if any)

Sr. Student Name Marks out of 6 for Marks out of 4 for Total
No. performance in performance in oral/ out of
presentation (D5 10
group activity (D5
Col.9)
Col. 8)
1 Ghungarde Rutuja Shivaji

2 Jadhav Payal Bhausaheb

3 Karle Nita Satish

(Name & Signature of Faculty)

Prof. Edake P.S