FGFDect: A Fine-Grained Features Classification Model for Android Malware Detection

  • Conference paper

Abstract

In Android malware detection, fine-grained features can provide a more accurate description of the application’s behavior. Nonetheless, fine-grained feature extraction has not been done perfectly; hence, invalid features will not only bring additional overhead but also reduce the detection accuracy. In this paper, we propose FGFDect, a malware classification model that mines Android applications for fine-grained features. Our work aims to handle two types of features that frequently appear in Android malware. One is the permissions that have been registered but not actually used. The other is the APIs called via the reflection mechanism. This information improves the precision of static analysis, which no longer needs to make conservative assumptions about coarse-grained features. These two feature sets are fed into machine learning algorithms to classify the app as benign or malware. FGFDect is evaluated on a large real-world data set consisting of 6400 malware apps and 4600 popular benign apps. Compared with traditional approaches that use coarse-grained features, extensive evaluation results demonstrate that the proposed approach exhibits an impressive detection accuracy of 96.7% with a false positive rate of 0.7%. In addition, the proposed approach complements existing permission-based approaches and API-based approaches.
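The two feature types named in the abstract can be illustrated with a small static extractor. This is an added example, not FGFDect's implementation: the manifest, the smali-style instructions and the API-to-permission map are constructed, and reflection is resolved only when `Class.forName` and `getMethod` receive constant strings, with each `getMethod` paired to the most recent `forName`.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Constructed stand-in for a PScout-style API -> permission map.
API_PERMISSIONS = {
    "android.telephony.SmsManager.sendTextMessage": "android.permission.SEND_SMS",
    "android.telephony.TelephonyManager.getDeviceId": "android.permission.READ_PHONE_STATE",
}
# Constructed sample input: decoded manifest and smali-style instructions.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""
SMALI = '''const-string v0, "android.telephony.SmsManager"
invoke-static {v0}, Ljava/lang/Class;->forName(Ljava/lang/String;)Ljava/lang/Class;
move-result-object v1
const-string v2, "sendTextMessage"
invoke-virtual {v1, v2, v3}, Ljava/lang/Class;->getMethod(Ljava/lang/String;[Ljava/lang/Class;)Ljava/lang/reflect/Method;
invoke-virtual {v4}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;'''
INVOKE = re.compile(r"invoke-[\w/]+ \{([^}]*)\}, L([\w/$]+);->([\w<>$]+)\(")
CONST = re.compile(r'const-string(?:/jumbo)? (\w+), "([^"]*)"')

def called_apis(smali):
    """Return (direct, reflective) sets of 'package.Class.method' names."""
    consts, last_class, direct, reflective = {}, None, set(), set()
    for line in map(str.strip, smali.splitlines()):
        if m := CONST.match(line):
            consts[m.group(1)] = m.group(2)   # register -> constant string
        elif m := INVOKE.match(line):
            regs = [r.strip() for r in m.group(1).split(",")]
            target = m.group(2).replace("/", ".") + "." + m.group(3)
            if target == "java.lang.Class.forName":
                last_class = consts.get(regs[0])  # None if not a constant
            elif (target == "java.lang.Class.getMethod" and last_class
                  and len(regs) > 1 and regs[1] in consts):
                reflective.add(last_class + "." + consts[regs[1]])
            else:
                direct.add(target)
    return direct, reflective

def fine_grained_features(manifest_xml, smali):
    declared = {e.get(NS + "name")
                for e in ET.fromstring(manifest_xml).iter("uses-permission")}
    direct, reflective = called_apis(smali)
    needed = {API_PERMISSIONS[a] for a in direct | reflective if a in API_PERMISSIONS}
    return {"used_permissions": sorted(declared & needed),
            "unused_permissions": sorted(declared - needed),
            "reflective_apis": sorted(reflective)}
```

On the constructed input, a coarse-grained extractor would report all three declared permissions and miss the reflective `sendTextMessage` call; the fine-grained view marks `ACCESS_FINE_LOCATION` as declared but unused and attributes `SEND_SMS` to the reflective call.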

Acknowledgment

This work is supported by the National Key Research and Development Program of China (2016YFB0801001, 2016YFB0801004), and is supported in part by a research grant from Ant Financial.

Correspondence to Min Yu.

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Liu, C. et al. (2018). FGFDect: A Fine-Grained Features Classification Model for Android Malware Detection. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds) Security and Privacy in Communication Networks. SecureComm 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 254. Springer, Cham. https://doi.org/10.1007/978-3-030-01701-9_16

  • DOI: https://doi.org/10.1007/978-3-030-01701-9_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01700-2

  • Online ISBN: 978-3-030-01701-9

  • eBook Packages: Computer Science (R0)
