Android Malicious Application Classification Using Clustering

  • Conference paper
Intelligent Systems Design and Applications (ISDA 2018)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 941)

  • 1188 Accesses

Abstract

Android malware has been growing at an exponential pace and has become a serious threat to mobile users. Most anti-malware products still appear to rely on signature-based detection, which is generally slow and often unable to detect advanced obfuscated malware. Hence, from time to time, various authors have proposed different machine learning solutions to identify sophisticated malware. However, it appears that detection accuracy can be improved by using a clustering method. Therefore, in this paper we propose a novel, scalable and effective clustering method to improve the detection accuracy for malicious Android applications, and obtain a better overall accuracy (98.34%) with a random forest classifier compared to the regular method, i.e., taking the data altogether to detect the malware. However, as far as true positives and true negatives are concerned, with the clustering method the best true positive is obtained by the decision tree (97.59%) and the best true negative by the support vector machine (99.96%), which are almost the same as the random forest's true positive (97.30%) and true negative (99.38%), respectively. The overall accuracy of the random forest is high because the true positive of the support vector machine and the true negative of the decision tree are significantly less than those of the random forest.

Author information

Correspondence to Hemant Rathore, Sanjay K. Sahay, Palash Chaturvedi or Mohit Sewak.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Rathore, H., Sahay, S.K., Chaturvedi, P., Sewak, M. (2020). Android Malicious Application Classification Using Clustering. In: Abraham, A., Cherukuri, A., Melin, P., Gandhi, N. (eds) Intelligent Systems Design and Applications. ISDA 2018. Advances in Intelligent Systems and Computing, vol 941. Springer, Cham. https://doi.org/10.1007/978-3-030-16660-1_64
