HamDroid: permission-based harmful android anti-malware detection using neural networks

  • S.I. : LSNC & OUAI
Neural Computing and Applications

Abstract

Android platforms are a popular target for attackers, and many users around the world are victims of Android malware that threatens their private information. Numerous Android anti-malware applications are fake and do not work as advertised because they have been developed either by amateur programmers or by software companies that are not focused on the security aspects of the business. Such applications usually ask for, and generally receive, unnecessary permissions, which in the end collect sensitive information. The rapid growth of fake anti-malware is a serious problem, and there is a need to detect harmful Android anti-malware. This article delivers a dataset of Android anti-malware applications, both malicious and benign, and a customized multilayer perceptron neural network that is used to detect anti-malware based on the permissions of the applications. The results show that the proposed method can detect fake anti-malware with very high accuracy, and that it outperforms other standard classifiers in terms of accuracy, precision, and recall.

Author information

Corresponding author

Correspondence to Nikolaos Polatidis.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

About this article

Cite this article

Seraj, S., Khodambashi, S., Pavlidis, M. et al. HamDroid: permission-based harmful android anti-malware detection using neural networks. Neural Comput & Applic 34, 15165–15174 (2022). https://doi.org/10.1007/s00521-021-06755-4

  • DOI: https://doi.org/10.1007/s00521-021-06755-4
