Skip to main content
SpringerLink
Log in

Andrana: Quick and Accurate Malware Detection for Android

  • Conference paper
  • First Online:
Book cover Foundations and Practice of Security (FPS 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10128))

Included in the following conference series:

Abstract

In order to protect Android users and their information, we have developed a lightweight malware detection tool for Android called Andrana. It leverages machine learning techniques and static analysis to determine, with an accuracy of 94.90%, if an application is malicious. Its analysis can be performed directly on a mobile device in less than a second and using only 12 MB of memory.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Aafer, Y., Du, W., Yin, H.: DroidAPIMiner: mining API-level features for robust malware detection in Android. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds.) SecureComm 2013. LNICST, vol. 127, pp. 86–103. Springer, Heidelberg (2013). doi:10.1007/978-3-319-04283-1_6

    Chapter  Google Scholar 

  2. Android operating system security. http://developer.android.com/guide/topics/security/permissions.html. Accessed 5 July 2016

  3. Apktool. https://ibotpeaches.github.io/Apktool/. Accessed 5 July 2016

  4. Appbrain. http://www.appbrain.com/stats/number-of-android-apps. Accessed 18 July 2016

  5. Apvrille, A., Nigam, R.: Obfuscation in android malware, and how to fight back. Virus Bull. 1–10 (2014)

    Google Scholar 

  6. Arp, D., Spreitzenbarth, M., Hübner, M., Gascon, H., Rieck, K., Siemens, C.: DREBIN: effective and explainable detection of Android malware in your pocket. In: Proceedings of the Annual Symposium on Network and Distributed System Security (NDSS) (2014)

    Google Scholar 

  7. Atzeni, A., Su, T., Baltatu, M., D’Alessandro, R., Pessiva, G.: How dangerous is your Android app? An evaluation methodology. In: Proceedings of the 11th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, pp. 130–139. ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering) (2014)

    Google Scholar 

  8. Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)

    Article  MathSciNet  MATH  Google Scholar 

  9. Breiman, L., Friedman, J., Stone, C.J., Olshen, R.A.: Classification and Regression Trees. CRC Press, Boca Raton (1984)

    MATH  Google Scholar 

  10. Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for Android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 15–26. ACM (2011)

    Google Scholar 

  11. Christensen, A.S., Møller, A., Schwartzbach, M.I.: Precise Analysis of String Expressions. Springer, New York (2003)

    Book  MATH  Google Scholar 

  12. Contagio. http://contagiominidump.blogspot.ca/. Accessed 16 July 2016

  13. Cortes, C., Vapnik, V.: Support-vector networks. Mach. Learn. 20(3), 273–297 (1995). http://dx.doi.org/10.1007/BF00994018

    MATH  Google Scholar 

  14. Cunningham, P., Delany, S.J.: k-nearest neighbour classifiers. In: Multiple Classifier Systems, pp. 1–17 (2007)

    Google Scholar 

  15. Dini, G., Martinelli, F., Saracino, A., Sgandurra, D.: MADAM: a multi-level anomaly detector for Android malware. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2012. LNCS, vol. 7531, pp. 240–253. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33704-8_21

    Chapter  Google Scholar 

  16. Hoeffding, W.: Probability inequalities for sums of bounded random variables. J. Am. Stat. Assoc. 58(301), 13–30 (1963)

    Article  MathSciNet  MATH  Google Scholar 

  17. Java string analyzer (JSA). http://www.brics.dk/JSA/. Accessed 5 July 2016

  18. Language detection library. https://github.com/shuyo/language-detection. Acessed 5 July 2016

  19. Li, D., Lyu, Y., Wan, M., Halfond, W.G.: String analysis for Java and Android applications. In: Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering, pp. 661–672. ACM (2015)

    Google Scholar 

  20. Lindorfer, M., Neugschwandtner, M., Platzer, C.: MARVIN: efficient and comprehensive mobile app. classification through static and dynamic analysis. In: 39th Annual Computer Software and Applications Conference (COMPSAC), vol. 2, pp. 422–433. IEEE (2015)

    Google Scholar 

  21. Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., Fratantonio, Y., Van Der Veen, V., Platzer, C.: Andrubis-1,000,000 apps later: a view on current Android malware behaviors. In: 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), pp. 3–17. IEEE (2014)

    Google Scholar 

  22. LSFM. http://lsfm.ift.ulaval.ca/recherche/andrana/. Accessed 30 Sep 2016

  23. Maiorca, D., Ariu, D., Corona, I., Aresu, M., Giacinto, G.: Stealth attacks: an extended insight into the obfuscation effects on Android malware. Comput. Secur. 51, 16–31 (2015)

    Article  Google Scholar 

  24. Permissions classified as dangerous. http://developer.android.com/guide/topics/security/permissions.html#normal-dangerous. Accessed 5 July 2016

  25. Pscout. https://github.com/dweinstein/pscout. Accessed 5 July 2016

  26. Sato, R., Chiba, D., Goto, S.: Detecting Android malware by analyzing manifest files. In: Proceedings of the Asia-Pacific Advanced Network, vol. 36, pp. 23–31 (2013)

    Google Scholar 

  27. Schapire, R.E., Singer, Y.: Improved boosting using confidence-rated predictions. Mach. Learn. 37(3), 297–336 (1999)

    Article  MATH  Google Scholar 

  28. Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C., Weiss, Y.: “Andromaly”: a behavioral malware detection framework for Android devices. J. Intell. Inf. Syst. 38(1), 161–190 (2012)

    Article  Google Scholar 

  29. Smali/baksmali. https://github.com/JesusFreke/smali. Accessed 20 July 2016

  30. Smartphone OS market share, q1 2015 (2015). http://www.idc.com/prodserv/smartphone-os-market-share.jsp. Accessed 7 July 2016

  31. Vidas, T., Christin, N.: Evading android runtime analysis via sandbox detection. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pp. 447–458. ACM (2014)

    Google Scholar 

  32. Virus share. https://virusshare.com/. Accessed 14 July 2016

  33. Wu, W.C., Hung, S.H.: DroidDolphin: a dynamic Android malware detection framework using big data and machine learning. In: Proceedings of the 2014 Conference on Research in Adaptive and Convergent Systems, pp. 247–252. ACM (2014)

    Google Scholar 

  34. Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, you, get off of my market: detecting malicious apps in official and alternative android markets. In: NDSS, vol. 25, pp. 50–52 (2012)

    Google Scholar 

Download references

Acknowledgments

We would like to thank François Laviolette for his suggestions and Souad El Hatib for her help with the string analysis tools. This project was funded by Thales and the NSERC.

Author information

Authors and Affiliations

  1. Laval University, Quebec, Canada

    Andrew Bedford, Sébastien Garvin, Josée Desharnais, Nadia Tawbi & Hana Ajakan

  2. Thales Research and Technology Canada, Quebec, Canada

    Frédéric Audet & Bernard Lebel

Authors
  1. Andrew Bedford
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sébastien Garvin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Josée Desharnais
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nadia Tawbi
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Hana Ajakan
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Frédéric Audet
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Bernard Lebel
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Andrew Bedford .

Editor information

Editors and Affiliations

  1. Télécom Bretagne, Cesson Sévigné, France

    Frédéric Cuppens

  2. Concordia Inst for Info, Concordia University, Montreal, Québec, Canada

    Lingyu Wang

  3. Cesson-Sevigne, Télécom Bretagne, Cesson Sévigné, France

    Nora Cuppens-Boulahia

  4. Local 3950, pavillon Adrien Pouliot, Université Laval, Quebec, Québec, Canada

    Nadia Tawbi

  5. Télécom SudParis, Evry, France

    Joaquin Garcia-Alfaro

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Bedford, A. et al. (2017). Andrana: Quick and Accurate Malware Detection for Android. In: Cuppens, F., Wang, L., Cuppens-Boulahia, N., Tawbi, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2016. Lecture Notes in Computer Science(), vol 10128. Springer, Cham. https://doi.org/10.1007/978-3-319-51966-1_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-51966-1_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-51965-4

  • Online ISBN: 978-3-319-51966-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation