Abstract
In Android malware detection, fine-grained features can provide a more accurate description of an application's behavior. Nonetheless, fine-grained feature extraction has not been done perfectly; the resulting invalid features not only bring additional overhead but also reduce detection accuracy. In this paper, we propose FGFDect, a malware classification model that mines Android applications for fine-grained features. Our work aims to handle two types of features that frequently appear in Android malware. The first is permissions that have been registered but are not actually used. The second is APIs called via the reflection mechanism. This information improves the precision of static analysis, which no longer needs to make conservative assumptions about coarse-grained features. These two feature sets are fed into machine learning algorithms to classify the app as benign or malware. FGFDect is evaluated on a large real-world data set consisting of 6400 malware apps and 4600 popular benign apps. Compared with traditional approaches that use coarse-grained features, extensive evaluation results demonstrate that the proposed approach achieves a detection accuracy of 96.7% with a false positive rate of 0.7%. In addition, the proposed approach complements existing permission-based and API-based approaches.
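The two feature types named in the abstract can be illustrated with a short sketch. This is an added example, not FGFDect's implementation or code from the paper: the manifest, the smali fragment and the two-entry API-to-permission map are constructed, and reflection is resolved only for constant string arguments.

```python
import re
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"
# Constructed sample inputs (not from the paper's data set).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
SMALI = """
invoke-virtual {v5}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;
const-string v0, "android.telephony.SmsManager"
invoke-static {v0}, Ljava/lang/Class;->forName(Ljava/lang/String;)Ljava/lang/Class;
const-string v2, "sendTextMessage"
invoke-virtual {v1, v2, v3}, Ljava/lang/Class;->getMethod(Ljava/lang/String;[Ljava/lang/Class;)Ljava/lang/reflect/Method;
"""
# Hypothetical PScout-style API-to-permission map, cut down to two entries.
API_PERMS = {
    "android.telephony.SmsManager.sendTextMessage": "android.permission.SEND_SMS",
    "java.net.URL.openConnection": "android.permission.INTERNET",
}

def called_apis(smali):
    """Return (direct, reflective) API names; reflection resolves constant strings only."""
    direct, reflective, consts, cls = set(), set(), {}, None
    for line in smali.splitlines():
        m = re.match(r'\s*const-string (\w+), "(.*)"', line)
        if m:
            consts[m.group(1)] = m.group(2)
            continue
        m = re.match(r"\s*invoke-\S+ \{(.*?)\}, L([\w/$]+);->([\w<>$]+)\(", line)
        if not m:
            continue
        regs = [r.strip() for r in m.group(1).split(",")]
        api = m.group(2).replace("/", ".") + "." + m.group(3)
        if api == "java.lang.Class.forName":
            cls = consts.get(regs[0])  # simplification: remember the last class loaded by name
        elif api == "java.lang.Class.getMethod" and cls and regs[1:2] and regs[1] in consts:
            reflective.add(cls + "." + consts[regs[1]])
        else:
            direct.add(api)
    return direct, reflective

def fine_grained_features(manifest_xml, smali):
    declared = {e.get(NAME) for e in ET.fromstring(manifest_xml).iter("uses-permission")}
    direct, reflective = called_apis(smali)
    used = {API_PERMS[a] for a in direct | reflective if a in API_PERMS} & declared
    return {"used": used, "unused": declared - used, "reflective_apis": reflective}
```

In this sample, `SEND_SMS` counts as used only because the reflective call is resolved; a scan of direct calls alone would report it as registered but unused.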
Acknowledgment
This work is supported by the National Key Research and Development Program of China (2016YFB0801001, 2016YFB0801004), and is supported in part by a research grant from Ant Financial.
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Liu, C. et al. (2018). FGFDect: A Fine-Grained Features Classification Model for Android Malware Detection. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds) Security and Privacy in Communication Networks. SecureComm 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 254. Springer, Cham. https://doi.org/10.1007/978-3-030-01701-9_16
DOI: https://doi.org/10.1007/978-3-030-01701-9_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01700-2
Online ISBN: 978-3-030-01701-9
eBook Packages: Computer Science, Computer Science (R0)