Abstract
Because of the explosive growth of Android malware and the severity of the damage it causes, Android malware detection has become an increasingly important topic in cyber security. Currently, the main defense against Android malware is commercial mobile security products, which rely mainly on signature-based detection. Attackers, however, can easily devise evasion methods such as obfuscation and repackaging, which calls for new defensive techniques that are harder to evade. In this paper, building on the analysis of Application Programming Interface (API) calls extracted from smali files, we further group the API calls that belong to the same method in the smali code into a block. Based on the generated code blocks, we then apply a deep learning framework (a Deep Belief Network) to detect newly emerging, previously unknown Android malware. Using a real sample collection from Comodo Cloud Security Center, we perform a comprehensive experimental study comparing various malware detection approaches. Promising experimental results demonstrate that DroidDelver, which integrates our proposed method, outperforms the alternative Android malware detection techniques.
Y. Ye—This work is partially supported by the U.S. National Science Foundation under grant CNS-1618629.
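The feature-engineering step the abstract describes, extracting API calls from smali and grouping the calls of each method into one block, can be illustrated with a small parser. The code below is an added example, not DroidDelver's own code, and it makes several assumptions: the input is baksmali-style text (`.method ... .end method` delimiting methods, `invoke-*` instructions naming the callee), "API call" means a callee whose class lies under a configurable set of framework prefixes (`API_PREFIXES`), and a block is represented by the set of distinct APIs it contains, with one binary feature per distinct block. The sample smali is constructed for the example, and the DBN itself is out of scope; the block-presence vectors are what such a classifier would consume.

```python
import re
from collections import OrderedDict

# Constructed sample in baksmali syntax (not taken from the paper's dataset).
SAMPLE_SMALI = """\
.class public Lcom/example/Svc;
.super Landroid/app/Service;

.method public onStart(Landroid/content/Intent;I)V
    .locals 2
    invoke-static {}, Landroid/telephony/SmsManager;->getDefault()Landroid/telephony/SmsManager;
    move-result-object v0
    const-string v1, "1234"
    invoke-virtual {v0, v1, v1, v1, v1, v1}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
    invoke-direct {p0}, Lcom/example/Svc;->hide()V
    return-void
.end method

.method private hide()V
    .locals 1
    invoke-virtual {p0}, Landroid/content/Context;->getPackageManager()Landroid/content/pm/PackageManager;
    move-result-object v0
    invoke-virtual {v0, v0, v1, v1}, Landroid/content/pm/PackageManager;->setComponentEnabledSetting(Landroid/content/ComponentName;II)V
    return-void
.end method

.method private static noop()V
    .locals 0
    return-void
.end method
"""

# Assumption: these prefixes delimit "framework API" classes. Calls routed
# through app-defined classes (e.g. inherited methods invoked on Lcom/example/Svc;)
# are deliberately excluded by this filter.
API_PREFIXES = ('Landroid/', 'Ljava/', 'Ljavax/', 'Ldalvik/', 'Lorg/apache/')

METHOD_RE = re.compile(r'^\.method\s+(?:[\w-]+\s+)*(\S+)\s*$')
INVOKE_RE = re.compile(r'^invoke-[\w/]+\s+\{[^}]*\},\s+(L[^;]+;)->([^(]+)\(')


def extract_api_blocks(smali_text, prefixes=API_PREFIXES):
    """Group framework API calls by the smali method that contains them.

    Returns an OrderedDict: method descriptor -> list of 'Lpkg/Class;->name'
    strings in source order. Methods with no API calls are dropped, and
    instructions outside any method (malformed input) are ignored.
    """
    blocks = OrderedDict()
    current = None
    for raw in smali_text.splitlines():
        line = raw.strip()
        m = METHOD_RE.match(line)
        if m:
            current = m.group(1)
            blocks[current] = []
            continue
        if line == '.end method':
            if current is not None and not blocks[current]:
                del blocks[current]          # empty block carries no signal
            current = None
            continue
        if current is None:
            continue
        inv = INVOKE_RE.match(line)
        if inv and inv.group(1).startswith(prefixes):
            blocks[current].append(inv.group(1) + '->' + inv.group(2))
    return blocks


def block_signature(calls):
    """Canonical key for a block: the sorted set of distinct APIs it contains."""
    return tuple(sorted(set(calls)))


def block_feature_vector(apps_blocks, vocabulary=None):
    """Turn per-app block maps into binary block-presence vectors.

    apps_blocks: one mapping (method -> API list) per app. If vocabulary is
    None it is learned from apps_blocks (training); otherwise blocks absent
    from the fixed vocabulary are ignored (unseen at training time).
    Returns (vocabulary, rows) with rows[i][j] == 1 iff app i has block j.
    """
    if vocabulary is None:
        seen = OrderedDict()
        for blocks in apps_blocks:
            for calls in blocks.values():
                seen.setdefault(block_signature(calls), None)
        vocabulary = list(seen)
    index = {sig: j for j, sig in enumerate(vocabulary)}
    rows = []
    for blocks in apps_blocks:
        row = [0] * len(vocabulary)
        for calls in blocks.values():
            j = index.get(block_signature(calls))
            if j is not None:
                row[j] = 1
        rows.append(row)
    return vocabulary, rows


if __name__ == '__main__':
    app_blocks = extract_api_blocks(SAMPLE_SMALI)
    for method, calls in app_blocks.items():
        print(method, '->', calls)
    vocab, rows = block_feature_vector([app_blocks])
    print(len(vocab), 'distinct blocks; feature rows:', rows)
```

In a real pipeline the vocabulary is fixed on the training set and reused at detection time, which is why `block_feature_vector` accepts a precomputed `vocabulary` and silently drops blocks it has never seen; the app-internal `Lcom/example/Svc;->hide()V` call and the empty `noop()V` method show the filtering and pruning in action.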
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Hou, S., Saas, A., Ye, Y., Chen, L. (2016). DroidDelver: An Android Malware Detection System Using Deep Belief Network Based on API Call Blocks. In: Song, S., Tong, Y. (eds) Web-Age Information Management. WAIM 2016. Lecture Notes in Computer Science(), vol 9998. Springer, Cham. https://doi.org/10.1007/978-3-319-47121-1_5
DOI: https://doi.org/10.1007/978-3-319-47121-1_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47120-4
Online ISBN: 978-3-319-47121-1