Abstract
In recent years, mobile malware has become one of the most important threats to the development of the mobile Internet. Effective prevention and control of malicious applications bear on the healthy development of the mobile Internet industry and the vital interests of the vast number of mobile terminal users. However, because mobile intelligent terminals have many new characteristics, such as storing personal privacy data, traditional software security technology cannot be applied to mobile applications directly. Security detection for mobile applications is therefore of great significance. In this paper, we propose a method for detecting malicious mobile applications based on a simple-Dalvik intermediate language (SDIL). In this method, we first reduce the 218 instructions in the Dalvik instruction set to a simpler set, SDIL, through simplification and optimization. Using SDIL, we can effectively refine the instruction features while preserving the control relationships of the source program. We then use an improved MOSS algorithm to detect malicious mobile applications. Our experimental results show that the proposed method greatly improves the detection efficiency of malicious mobile applications and maintains good accuracy.
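The two stages the abstract describes, sketched as an added example that is not the authors' code: the opcode classes in `simplify` are hypothetical (this page does not list the SDIL instruction set), and `fingerprint` is plain winnowing, the fingerprinting scheme MOSS is built on, not the paper's improved variant. The opcode sequences are constructed for illustration.

```python
import hashlib

# Hypothetical coarse classes keyed by mnemonic prefix; NOT the paper's SDIL mapping.
CLASSES = (("invoke", "CALL"), ("if-", "BRANCH"), ("goto", "JUMP"), ("return", "RET"),
           ("move", "MOVE"), ("const", "CONST"), ("new-", "NEW"),
           ("iget", "GET"), ("sget", "GET"), ("aget", "GET"),
           ("iput", "PUT"), ("sput", "PUT"), ("aput", "PUT"))

def simplify(mnemonic):
    """Collapse a Dalvik mnemonic into a coarse class, keeping control-flow classes distinct."""
    op = mnemonic.split("/")[0]  # drop width/range suffixes such as /range, /16, /2addr
    for prefix, cls in CLASSES:
        if op.startswith(prefix):
            return cls
    return "OTHER"

def fingerprint(mnemonics, k=3, w=3):
    """Winnowing: hash every k-gram of classes, keep the minimum hash of each w-wide window."""
    tokens = [simplify(m) for m in mnemonics]
    hashes = [hashlib.sha1(" ".join(tokens[i:i + k]).encode()).hexdigest()[:16]
              for i in range(len(tokens) - k + 1)]
    if len(hashes) < w:  # sequence too short for a full window
        return {min(hashes)} if hashes else set()
    return {min(hashes[i:i + w]) for i in range(len(hashes) - w + 1)}

def containment(signature, sample, k=3, w=3):
    """Fraction of the known-bad fingerprints that also occur in the sample."""
    sig = fingerprint(signature, k, w)
    return len(sig & fingerprint(sample, k, w)) / len(sig) if sig else 0.0

# Constructed opcode sequences (not taken from any real application).
KNOWN_BAD = ["const-string", "invoke-static", "move-result-object", "iget-object",
             "invoke-virtual", "move-result", "if-eqz", "invoke-virtual", "return-void"]
# Same control structure written with different opcode variants.
VARIANT = ["const/4", "invoke-direct", "move-result-object", "sget-object",
           "invoke-virtual/range", "move-result", "if-nez", "invoke-interface",
           "return-object"]
UNRELATED = ["add-int/2addr", "mul-int", "sub-int", "add-int", "xor-int", "return"]

if __name__ == "__main__":
    for name, seq in (("variant", VARIANT), ("unrelated", UNRELATED),
                      ("embedded", UNRELATED + KNOWN_BAD + UNRELATED)):
        print(name, containment(KNOWN_BAD, seq))
```

Because every window of `w` consecutive k-gram hashes contributes its minimum, any shared run of at least `w + k - 1` simplified instructions is guaranteed to produce a common fingerprint, which is why the known-bad sequence is still found when it is embedded in unrelated code.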
Acknowledgements
The authors acknowledge the project (2016QY06X1205, U1536119, U153610079).
Cite this article
Li, Q., Sun, B., Chen, M. et al. Detection malicious Android application based on simple-Dalvik intermediate language. Neural Comput & Applic 31 (Suppl 1), 185–194 (2019). https://doi.org/10.1007/s00521-018-3726-4