Volume - 7 | Issue - 5 | May - 2017 | 4.894 ISSN - 2249-555X | IF : | IC Value : 79.96 Permission based malware detection by using k means algorithm in Android OS Chetan J. Shelke Asst. Professor, Dept.of IT, P.R.Patil College of Engineering, Amravati, India Pravin Karde Asst. Professor, Dept of IT, Govt. Polytechnic, Amravati, India V. M. akre HOD, Dept.of Computer science SGBAU Amravati University Amravati, India KEYWORDS : Android OS, Smart phones, Malwares, permission, Applications Security. Original Research Paper Engineering I. INTRODUCTION Smartphone are helpless to malicious attack e small size of android devices, fond of with people's hasty procedure, increase the probability of malicious software injection onto smart phones. ey can be compromised in three respects: confidentiality, integrity, and availability [3].technological safety measures, such as firewalls, antivirus, and encryption, are infrequent on mobile phones, and mobile phone operating systems are not rationalized as commonly as those on personal computers. Mobile social networking applications sometimes lack the detailed privacy controls of their PC counterparts. Recent innovations in mobile commerce have enabled users to conduct many transactions from their smartphone, such as purchasing goods and applications over wireless networks, redeeming coupons and tickets, banking, processing point-of-sale payments, and even paying at cash registers. II. LITERATURE REVIEW Amir Houmansadr, Saman A. Zonouz, and Robin Berthier.[11] has proposed a cloud-based intrusion detection and response architecture. Its objectives are transparent operations to the user, light resource usage, and real-time and accurate intrusion detection and response. AsafShabtai and Yuval Elovici[12] present a light- weight, behavioural-based detection framework called Andromaly for Android smartphones, which realizes a Host-based Intrusion Detection System (HIDS). Byung-Gon Chun and PetrosManiatis[13] introduces an architecture called CloneCloud for seamless partial off-loading of program execution from the smartphone to a computational infrastructure hosting smartphone clones IkerBurguera, UrkoZurutuza, and Simin N. Tehrani.[14] monitors system calls of applications on the smartphones of many users, and analyzes these samples at a central server. Aubrey-Derrick Schmidt, Frank Peters, Florian Lamour, and Sahin Albayrak.[16] demonstrate how a smartphone running Symbian OS can be monitored to extract features for anomaly detection. Lakshmisub Ramanian.[17] e architecture was analyzed in terms of its security aspects and experimental performance and battery measurements are presented, which show the benefits of such a service in the cloud. III. PERMISSION BASED DETECTION In Permission based detection permission are extracted from android manifest xml database is created which contain permission required for malicious app. system extract the permission and then matched with permission database. Few malicious permission are as follows 1)Broadcast_sms 2)read_sms 3)receive_sms 4)write_sms 5)read_phone 6)call_phone 7)change_configuration. e selected features are collected into the signature database and divided into training data and test data and used by standard machine learning techniques to detect the android malware applications. In the first step we have used K-Means clustering to obtain k disjoint clusters on training datasets each cluster depicts a region of similar features instances in terms of Euclidean distances between the instances and their cluster centroids. We consolidate Market 2011 and Malware dataset into one dataset, and haphazardly select some portion of this dataset as a preparation dataset. e dataset is spoken to as (Xi,Yi), where i= 1, 2, ,n and Xi speaks to a n-dimensional vector (x1,x2, ,xn) and Yi= –1, 1 speaks to the relating class mark with 1 for generous and –1 for malware. For K-implies grouping, we set the info parameter k as the quantity of bunches, and segment the preparation dataset that contains n application consents into k groups. e k groups have two qualities: the intra bunch closeness is high, however the entomb group similitude is low. e mean estimation of the question comparability in a bunch is characterized as the group similitude, which is the group "centroid" or the focal point of gravity. We utilize the Weighted Euclidean separation to give the similitude between two applications. It is processed as takes after: In the developing market now a days cashless transaction are increasing day by day same time its difficult to manage security while online transaction through android phone as the many application downloaded from market which is freely available may leak private information or some important information like banking transaction details ,bank account number ,etc ,now a days smartphones are vulnerable for app containing malware ,camera based attack ,SMS based attack may steal your private information .permission based method for malware detection is presented to detect malware from app. decision can be taken that downloaded app is malicious or not is done by k means algorithm k means algorithm form a cluster to classify malicious app .the proposed methodology is useful when the signature of app is not present in malware dataset .system describe the process of extracting features of android apk file in order to detect the malware by using android manifest file. e main aim of this proposed system is to develop an accessible and comprehensive Eclipse structure application, can potentially able to check which applications are using malicious permission or requesting for that permission . ABSTRACT 538 INDIAN JOURNAL OF APPLIED RESEARCH