HFA-MD: An Efficient Hybrid Features Analysis Based Android Malware Detection Method

  • Conference paper
Quality, Reliability, Security and Robustness in Heterogeneous Systems (QShine 2017)

Abstract

Lack of supervision and management in many third-party Android application markets has led to a growing amount of malware on the Android platform. This poses a serious privacy threat to users' sensitive information. To address this problem, this paper proposes a new hybrid features analysis method for Android malware detection, which obtains a hybrid feature vector by extracting information on permission requests, API calls and runtime behaviors. The characteristic of this work is the use of machine learning classification algorithms to detect malicious software. In addition, a feature selection algorithm is used to further optimize the extracted information by removing some useless features. Our experiments are based on real-world apps and use five different classification algorithms to detect the malware. The experimental results show that the proposed hybrid feature extraction method can improve the accuracy rate of Android malware detection compared with using static methods alone.

Acknowledgments

This work has partially been sponsored by the National Science Foundation of China (No. 61572355) and Tianjin Research Program of Application Foundation and Advanced Technology under grant No. 15JCYBJC15700, and Fundamental Research of Xinjiang Corps under grant No. 2016AC015.

Corresponding author

Correspondence to Guangquan Xu.

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Zhao, Y., Xu, G., Zhang, Y. (2018). HFA-MD: An Efficient Hybrid Features Analysis Based Android Malware Detection Method. In: Wang, L., Qiu, T., Zhao, W. (eds) Quality, Reliability, Security and Robustness in Heterogeneous Systems. QShine 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 234. Springer, Cham. https://doi.org/10.1007/978-3-319-78078-8_25

  • DOI: https://doi.org/10.1007/978-3-319-78078-8_25

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-78077-1

  • Online ISBN: 978-3-319-78078-8

  • eBook Packages: Computer Science (R0)
