Abstract
In this paper, we propose a new approach for the static detection of Android malware by means of machine learning that is based on software complexity metrics, such as McCabe’s Cyclomatic Complexity and the Chidamber and Kemerer Metrics Suite. A practical evaluation involving 20,703 benign and 11,444 malicious apps demonstrates the high classification quality of the proposed method, and we also assess its resilience against common obfuscation transformations. On our large-scale test set of more than 32,000 apps, we obtain a true positive rate of up to 93% and a false positive rate of 0.5% for unobfuscated malware samples. For obfuscated malware samples, however, we observe a significant drop in the true positive rate, whereas permission-based classification schemes are immune to such program transformations. Based on these results, we advocate our new method as a useful detector for samples within a malware family that share functionality and source code. Our approach is more conservative than permission-based classification, and might hence be more suitable for automated weighting of Android apps, e.g., by the Google Bouncer.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Protsenko, M., Müller, T. (2014). Android Malware Detection Based on Software Complexity Metrics. In: Eckert, C., Katsikas, S.K., Pernul, G. (eds) Trust, Privacy, and Security in Digital Business. TrustBus 2014. Lecture Notes in Computer Science, vol 8647. Springer, Cham. https://doi.org/10.1007/978-3-319-09770-1_3
DOI: https://doi.org/10.1007/978-3-319-09770-1_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-09769-5
Online ISBN: 978-3-319-09770-1
eBook Packages: Computer Science (R0)