Skip to main content
SpringerLink
Log in

Malware Analysis Method Based Random Access Memory in Android

  • Conference paper
  • First Online:
Applications and Techniques in Information Security (ATIS 2020)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1338))

  • 346 Accesses

Abstract

Mobile phone has become an indispensable part of people’s life, and an increasing number of information is stored on the mobile phones, once malware infects your phone that will cause serious damage to your personal and property security. The study of malicious software has been proposed constantly, but with so many applications flooding into marketplace and the improvement of malicious software, there are still some gaps in software quality control. The continuous improvement of malware also requires us to improve the detection technology in real time, and more importantly, we need to find more characteristics of malware on various aspects. This article will focus on the dynamic characteristics of malware and aim at random access memory in Android to carry out the experiment. Random access memory is the memory that application needs to reside while it is running, and it is a good reflection of the running characteristics of apps. Hence we extract the random access memory of software and analyse it on the process dimension, rather than on the analysis of the memory block. And the main experiment structure of our method is convolutional neural network. Based on our research, we found the relationship between malware and some process that can be used to effectively classify malware. The experiment result shows that this method has greatly improved the accuracy on the detection of malware.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. 360 Core Security Blog. https://blogs.360.cn/post/review_android_malware_of_2019.html

  2. Mobile malware summary report in 2019. https://www.freebuf.com/articles/terminal/228295.html

  3. Arora, A., Peddoju, S.K.: NTPDroid: a hybrid android malware detector using network traffic and system permissions. In: 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), New York, NY, pp. 808–813 (2018)

    Google Scholar 

  4. Alswaina, F., Elleithy, K.: Android malware permission-based multi-class classification using extremely randomized trees. IEEE Access 6, 76217–76227 (2018)

    Article  Google Scholar 

  5. Ma, Z., Ge, H., Liu, Y., Zhao, M., Ma, J.: A combination method for android malware detection based on control flow graphs and machine learning algorithms. IEEE Access 7, 21235–21245 (2019). https://doi.org/10.1109/ACCESS.2019.2896003

    Article  Google Scholar 

  6. Zhang, L., Thing, V.L.L., Cheng, Y.: A scalable and extensible framework for android malware detection and family attribution. Comput. Secur. (2018)

    Google Scholar 

  7. Kim, T., Kang, B., Rho, M., Sezer S., Im, E.G.: A multimodal deep learning method for android malware detection using various features. IEEE Trans. Inf. Forensics Secur. 14(3), 773–788 (2019). https://doi.org/10.1109/tifs.2018.2866319

  8. Xu, Z., Ray, S., Subramanyan, P., Malik, S.: Malware detection using machine learning based analysis of virtual memory access patterns. In: Design, Automation & Test in Europe Conference & Exhibition (DATE), Lausanne, pp. 169–174 (2017). https://doi.org/10.23919/date.2017.7926977

  9. Rathnayaka, C., Jamdagni, A.: An efficient approach for advanced malware analysis using memory forensic technique. In: IEEE Trustcom/BigDataSE/ICESS, Sydney, NSW, pp. 1145–1150 (2017)

    Google Scholar 

  10. Brengel, M., Rossow, C.: MemScrimper: time- and space-efficient storage of malware sandbox memory dumps. In: Giuffrida, C., Bardin, S., Blanc, G. (eds.) DIMVA 2018. LNCS, vol. 10885, pp. 24–45. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93411-2_2

    Chapter  Google Scholar 

  11. Javaheri, D., Hosseinzadeh, M.: A framework for recognition and confronting of obfuscated malwares based on memory dumping and filter drivers. Wirel. Pers. Commun. 98(1), 119–137 (2017). https://doi.org/10.1007/s11277-017-4859-y

    Article  Google Scholar 

  12. Dai, Y., Li, H., Qian, Y., Lu, X.: A malware classification method based on memory dump grayscale image. Digit. Invest. 27, 30–37 (2018). https://doi.org/10.1016/j.diin.2018.09.006

    Article  Google Scholar 

  13. Tang, A., Sethumadhavan, S., Stolfo, S.J.: Unsupervised anomaly-based malware detection using hardware features. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 109–129. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11379-1_6

    Chapter  Google Scholar 

  14. Basu, K., Krishnamurthy, P., Khorrami, F., Karri, R.: A theoretical study of hardware performance counters-based malware detection. IEEE Trans. Inf. Forensics Secur. 15, 512–525 (2020). https://doi.org/10.1109/TIFS.2019.2924549

    Article  Google Scholar 

  15. Milosevic, J., Ferrante, A. and Malek, M.: What does the memory say? Towards the most indicative features for efficient malware detection. In 13th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, pp. 759–764 (2016). https://doi.org/10.1109/ccnc.2016.7444874

  16. Milosevic, J., Malek, M., Ferrante, A.: A friend or a foe? Detecting malware using memory and CPU features. In: Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016): SECRYPT, vol. 4, pp 73–84 (2016). https://doi.org/10.5220/0005964200730084

  17. Kandukuru, S., Sharma, R.M.: Android malicious application detection using permission vector and network traffic analysis. In: 2nd International Conference for Convergence in Technology (I2CT), Mumbai, pp. 1126–1132 (2017). https://doi.org/10.1109/i2ct.2017.8226303

  18. Hernandez Jimenez, J., Goseva-Popstojanova, K.: Malware detection using power consumption and network traffic data. In: 2nd International Conference on Data Intelligence and Security (ICDIS), South Padre Island, TX, USA, pp. 53–59 (2019). https://doi.org/10.1109/icdis.2019.00016

  19. Wang, S., et al.: Deep and broad learning based detection of android malware via network traffic. In IEEE/ACM 26th International Symposium on Quality of Service (IWQoS), Banff, AB, Canada, pp. 1–6 (2018). https://doi.org/10.1109/iwqos.2018.8624143

  20. AlAhmadi, B.A., Martinovic, I.: MalClassifier: malware family classification using network flow sequence behaviour. In: APWG Symposium on Electronic Crime Research (eCrime), San Diego, CA, pp. 1–13 (2018). https://doi.org/10.1109/ecrime.2018.8376209

  21. Wang, W., Zhu, M., Wang, J., Zeng, X., Yang, Z.: End-to-end encrypted traffic classification with one-dimensional convolution neural networks. In: IEEE International Conference on Intelligence and Security Informatics (ISI), Beijing, pp. 43–48 (2017). https://doi.org/10.1109/isi.2017.8004872

  22. Su, X., Zhang, D., Li, W., Zhao, K.: A deep learning approach to android malware feature learning and detection. In: IEEE Trustcom/BigDataSE/ISPA, Tianjin, pp. 244–251 (2016). https://doi.org/10.1109/trustcom.2016.0070

  23. Zhang, J., Qin, Z., Yin, H., Ou, L., Zhang, K.: A feature-hybrid malware variants detection using CNN based opcode embedding and BPNN based API embedding. Comput. Secur. 84, 376–392 (2019). https://doi.org/10.1016/j.cose.2019.04.005

    Article  Google Scholar 

  24. Wang, Y., An, J., Huang, W.: Using CNN-based representation learning method for malicious traffic identification. In: IEEE/ACIS 17th International Conference on Computer and Information Science (ICIS), Singapore, pp. 400–404 (2018)

    Google Scholar 

  25. Wang, W., Zhu, M., Zeng, X., Ye, X., Sheng, Y.: Malware traffic classification using convolutional neural network for representation learning. In: International Conference on Information Networking (ICOIN), Da Nang, pp. 712–717 (2017). https://doi.org/10.1109/icoin.2017.7899588

  26. Sun, G., Qian, Q.: Deep learning and visualization for identifying malware families. IEEE Trans. Depend. Secure Comput. 1 (2018). https://doi.org/10.1109/tdsc.2018.2884928

  27. Qiao, Y., Jiang, Q., Jiang, Z., Gu, L.: A multi-channel visualization method for malware classification based on deep learning. In: 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), Rotorua, New Zealand, pp. 757–762 (2019)

    Google Scholar 

  28. Fu, J., Xue, J., Wang, Y., Liu, Z., Shan, C.: Malware visualization for fine-grained classification. IEEE Access 6, 14510–14523 (2018). https://doi.org/10.1109/ACCESS.2018.2805301

    Article  Google Scholar 

  29. Taheri, L., Kadir, A.F.A., Lashkari, A.H.: Extensible android malware detection and family classification using network-flows and API-calls. In: International Carnahan Conference on Security Technology (ICCST), Chennai, India, pp. 1–8 (2019). https://doi.org/10.1109/ccst.2019.8888430

  30. Lashkari, A.H., Kadir, A.F., A., Taheri, L., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark android malware datasets and classification. In: International Carnahan Conference on Security Technology (ICCST), Montreal, QC, pp. 1–7 (2018). https://doi.org/10.1109/ccst.2018.8585560

  31. Maldozer Karbab, E.B., Debbabi, M., Derhab, A., Mouheb, D.: MalDozer: automatic framework for android malware detection using deep learning. Digit. Invest. 24, S48–S59 (2018)

    Google Scholar 

  32. Moonsamy, V., Rong, J., Liu, S.: Mining permission patterns for contrasting clean and malicious android applications. Future Gener. Comput. Syst. 36(July), 122–132 (2014). https://doi.org/10.1016/j.future.2013.09.014

Download references

Acknowledgements

This work was supported in part by the Natural Science Foundation of China under Grants 61672092, in part by the Fundamental Research Funds for the Central Universities of China under Grants 2018JBZ103, Major Scientific and Technological Innovation Projects of Shandong Province, China (No. 2019JZZY020128).

Author information

Authors and Affiliations

  1. Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, Beijing, China

    Wenping Ji, Jian Wang, Xudong He & Jiqiang Liu

Authors
  1. Wenping Ji
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jian Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xudong He
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jiqiang Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jian Wang .

Editor information

Editors and Affiliations

  1. Radboud University, Nijmegen, The Netherlands

    Lejla Batina

  2. Deakin University, Geelong, VIC, Australia

    Gang Li

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ji, W., Wang, J., He, X., Liu, J. (2020). Malware Analysis Method Based Random Access Memory in Android. In: Batina, L., Li, G. (eds) Applications and Techniques in Information Security. ATIS 2020. Communications in Computer and Information Science, vol 1338. Springer, Singapore. https://doi.org/10.1007/978-981-33-4706-9_6

Download citation

  • DOI: https://doi.org/10.1007/978-981-33-4706-9_6

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-33-4705-2

  • Online ISBN: 978-981-33-4706-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation