Abstract
A good number of Android applications are available in markets on the Internet. Among them, a good number are low-quality apps (or malware), and it is therefore difficult for Android users to decide at installation time whether a particular application is malware or benign. In this paper, we propose the design of a system that classifies Android applications into two classes, i.e. malware or benign. We use a hybrid approach that combines application analysis with a machine learning technique to classify the applications. Application analysis is performed using both static and live analysis techniques. A genetic-algorithm-based machine learning technique is used to create the rules for the system's rule base. The system is tested with applications collected from various markets on the Internet and with two datasets. We obtained a 96.43 % detection rate in classifying the applications.
Acknowledgments
We are thankful to the management of Charotar University of Science and Technology for providing support for the research. Special thanks to Dr. Ajay Parikh and Dr. S K Vij for their support and help.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Patel, K., Buddadev, B. (2015). Detection and Mitigation of Android Malware Through Hybrid Approach. In: Abawajy, J., Mukherjea, S., Thampi, S., Ruiz-Martínez, A. (eds) Security in Computing and Communications. SSCC 2015. Communications in Computer and Information Science, vol 536. Springer, Cham. https://doi.org/10.1007/978-3-319-22915-7_41
DOI: https://doi.org/10.1007/978-3-319-22915-7_41
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22914-0
Online ISBN: 978-3-319-22915-7
eBook Packages: Computer Science, Computer Science (R0)