Android Malware Detection Based on Software Complexity Metrics

  • Conference paper
Trust, Privacy, and Security in Digital Business (TrustBus 2014)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8647)

Abstract

In this paper, we propose a new approach for the static detection of Android malware by means of machine learning that is based on software complexity metrics, such as McCabe’s Cyclomatic Complexity and the Chidamber and Kemerer Metrics Suite. The practical evaluation of our approach, involving 20,703 benign and 11,444 malicious apps, demonstrates a high classification quality of our proposed method, and we assess its resilience against common obfuscation transformations. With respect to our large-scale test set of more than 32,000 apps, we show a true positive rate of up to 93% and a false positive rate of 0.5% for unobfuscated malware samples. For obfuscated malware samples, however, we register a significant drop in the true positive rate, whereas permission-based classification schemes are immune to such program transformations. Based on these results, we advocate our new method as a useful detector for samples within a malware family sharing functionality and source code. Our approach is more conservative than permission-based classifications, and might hence be more suitable for an automated weighting of Android apps, e.g., by the Google Bouncer.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Protsenko, M., Müller, T. (2014). Android Malware Detection Based on Software Complexity Metrics. In: Eckert, C., Katsikas, S.K., Pernul, G. (eds) Trust, Privacy, and Security in Digital Business. TrustBus 2014. Lecture Notes in Computer Science, vol 8647. Springer, Cham. https://doi.org/10.1007/978-3-319-09770-1_3

  • DOI: https://doi.org/10.1007/978-3-319-09770-1_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-09769-5

  • Online ISBN: 978-3-319-09770-1

  • eBook Packages: Computer Science, Computer Science (R0)
