RaNetMalDozer: A Novel NN-Based Model for Android Malware Detection Over Task Kernel Structures

  • Conference paper
Algorithms and Architectures for Parallel Processing (ICA3PP 2019)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 11944)

Abstract

A traditional neural network can maintain its performance in identifying Android malware by learning Android characteristics. However, owing to the rapid growth of Android information, it cannot efficiently handle the massive data for millions of Android applications. In this paper, we propose a novel NN-based model (RaNetMalDozer) for Android malware detection to improve the accuracy rate of classification and the training speed. RaNetMalDozer (RNMD) can dynamically select hidden centers by a heuristic approach and expeditiously gather the large-scale datasets of 12,750 Android applications. To systematically analyze Android kernel behaviors, we investigate 112 Android kernel features of task_struct and offer forensic analysis of key kernel features. Furthermore, compared to the traditional neural network EBPN method, which achieves an accuracy rate of 81%, our RNMD model achieves an accuracy rate of 94% with half of the training and evaluation time. Our experiments also demonstrate that the RNMD model can be used as a better technique for Android malware detection.

Acknowledgement

This research was funded by Fundamental Research Funds for the Central Universities under Grant 201962012.

Corresponding author

Correspondence to Chong Li.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Wang, X., Li, C. (2020). RaNetMalDozer: A Novel NN-Based Model for Android Malware Detection Over Task Kernel Structures. In: Wen, S., Zomaya, A., Yang, L. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2019. Lecture Notes in Computer Science, vol 11944. Springer, Cham. https://doi.org/10.1007/978-3-030-38991-8_33