Skip to main content
SpringerLink
Log in

Detection malicious Android application based on simple-Dalvik intermediate language

  • S.I. : Machine Learning Applications for Self-Organized Wireless Networks
  • Published:
Neural Computing and Applications Aims and scope Submit manuscript

Abstract

In recent years, mobile malware has become one of the most important threats to the development of mobile Internet. Effective prevention and control of malicious applications concern the healthy development of the mobile Internet industry and the vital interests of the vast number of mobile terminal users. However, due to many new characteristics of mobile intelligent terminals, such as storing personal privacy data, the traditional software security technology cannot be applied to mobile applications directly. Therefore, the security detection for mobile applications is of great significance. In this paper, we proposed a simple-Dalvik intermediate language-based method to detect the malicious mobile applications. In this method, we first reduce the 218 instructions in the Dalvik instruction set to a simpler set, SDIL, through simplification and optimization. By using SDIL, we can effectively refine the instruction features and maintain the control relationships of the source program. After that, we use an improved MOSS algorithm to detect malicious mobile applications. Our experimental results show that the method proposed in this paper greatly improves the detection efficiency of malicious mobile applications and maintains good accuracy.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Euler M, Rodolfo F (2017) PLATEM: a method for mobile applications testing. IET Softw 11(6):319–328

    Article  Google Scholar 

  2. Tencent (2017) Myapp market. http://android.myapp.com/. Accessed 17 Oct 2017

  3. Guo L, Jin B, Ruiyun Y et al (2016) Multi-label classification methods for green computing and application for mobile medical recommendations. IEEE Access 4:3201–3209

    Article  Google Scholar 

  4. Martinez HS, Rodriguez M, Dominguez EL (2017) Túum: test model for native mobile applications. IEEE Lat Am Trans 15(5):994–1000

    Article  Google Scholar 

  5. Google (2017) Manifest permission. https://developer.android.com/reference/android/Manifest.permission. Accessed 21 Dec 2017

  6. Google (2017) Dalvik bytecode. https://source.android.com/devices/tech/dalvik/dalvik-bytecode. Accessed 17 Dec 2017

  7. Dong F, Wang J, Li Q, Xu G, Zhang S (2017) Defect prediction in android binary executables using deep neural network. Wirel Pers Commun 102(3):2261–2285 (special issue on machine learning for big data processing in mobile internet, online, 2017–11-15)

    Article  Google Scholar 

  8. Yao D, Wang J, Li Q (2017) An android malware detection approach using community structures of weighted function call graphs. IEEE Access 5:17478–17486

    Article  Google Scholar 

  9. Ma Z, Chen Z, Wang X, Nie R, Zhao G (2017) Shikra: a behavior-based android malware detection framework. In: International conference on green informatics, pp 175–184

  10. Wang S, Liu T, Tan L (2017) Automatically learning semantic features for defect prediction. In: IEEE/ACM international conference on software engineering, pp 297–308

  11. Du Y, Wang X, Wang J (2015) A static android malicious code detection method based on multisource fusion. Secur Commun Netw 8(17):3238–3246

    Article  Google Scholar 

  12. Saracino A, Sgandurra D, Dini G, Martinelli F (2016) MADAM: effective and efficient behavior-based android malware detection and prevention. IEEE Trans Dependable Secure Comput 99:1

    Google Scholar 

  13. Narayanan A, Chandramohan M, Chen L, Liu Y (2018) A multi-view context-aware approach to android malware detection and malicious code localization. Empir Softw Eng 23(3):1222–1274

    Article  Google Scholar 

  14. Arora A, Peddoju SK (2017) Minimizing network traffic features for android mobile malware detection. In: Proceedings of the 18th international conference on distributed computing and networking. ACM Press, p 32

  15. Chakravartula RN, Lakshmi VN (2017) Combating malware with whitelisting in IoT-based medical devices. Int J Comput Appl 167(8):33–37

    Google Scholar 

  16. Llauradó DG (2016) Convolutional neural networks for malware classification. Universitat Politècnica de Catalunya, Barcelona

    Google Scholar 

  17. Mclaughlin N, Martinez Del Rincon J, Kang B et al (2017) Deep android malware detection. In: Proceedings of the seventh ACM on conference on data and application security and privacy. ACM, pp 301–308

  18. Miné A, Breck J, Reps T (2016) An algorithm inspired by constraint solvers to infer inductive invariants in numeric programs. In: European symposium on programming languages and systems. Springer, 2016, pp 560–588

  19. Beyer D, Gulwani S, Schmidt DA (2017) Combining model checking and data-flow analysis. Handb Model Checking 5:493–540

    MATH  Google Scholar 

  20. Arzt S, Rasthofer S, Fritz C, Bodden E, Bartel A, Klein J, Yves L, Octeau D, McDaniel P (2014) Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM Sigplan Not 49(6):259–269

    Article  Google Scholar 

  21. Klieber W, Flynn L, Bhosale A, Jia L, Bauer L (2014) Android taint flow analysis for app sets. In: ACM SIGPLAN, pp 1–6

  22. Song D, Brumley D, Yin H et al (2008) BitBlaze: a new approach to computer security via binary analysis. In: ICISS, pp 1–25

  23. Brumley D (2008) Analysis and defense of vulnerabilities in binary code. ProQuest, Ann Arbor

    Google Scholar 

  24. Octeau D, Jha S, Dering M, McDaniel P, Bartel A, Li L, Klein J, Le Traon Y (2016) Combining static analysis with probabilistic models to enable market-scale android inter-component analysis. In: ACM SIGPLAN notices, pp 469–484

  25. Li C, Wang H, Wang J, Li Q, Jianbo Yu, Guo J, Guoai X, Guo Y (2017) CRSPR: PageRank for android apps. IEEE Access 5:18004–18015

    Article  Google Scholar 

Download references

Acknowledgements

The authors acknowledge the project (2016QY06X1205, U1536119, U153610079).

Author information

Authors and Affiliations

  1. Beijing University of Posts and Telecommunications, Beijing Key Laboratory of Interconnection and Integration, Beijing, China

    Qi Li, Bowen Sun & Meiqi Chen

  2. China Mobile Communications Group Co., Ltd., Beijing, China

    Hang Dong

Authors
  1. Qi Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bowen Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Meiqi Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hang Dong
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Qi Li.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Li, Q., Sun, B., Chen, M. et al. Detection malicious Android application based on simple-Dalvik intermediate language. Neural Comput & Applic 31 (Suppl 1), 185–194 (2019). https://doi.org/10.1007/s00521-018-3726-4

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00521-018-3726-4

Keywords

Search

Navigation