Skip to main content

Advertisement

Springer Nature Link
Log in

MVDroid: an android malicious VPN detector using neural networks

  • S.I. : Technologies of the 4th Industrial Revolution with applications
  • Published:
Neural Computing and Applications Aims and scope Submit manuscript

Abstract

The majority of Virtual Private Networks (VPNs) fail when it comes to protecting our privacy. If we are using a VPN to protect our online privacy, many of the well-known VPNs are not secure to use. When examined closely, VPNs can appear to be perfect on the surface but still be a complete privacy and security disaster. Some VPNs will steal our bandwidth, infect our computers with malware, install secret tracking libraries on our devices, steal our personal data, and leave our data exposed to third parties. Generally, Android users should be cautious when installing any VPN software on their devices. As a result, it is important to identify malicious VPNs before downloading and installing them on our Android devices. This paper provides an optimised deep learning neural network for identifying fake VPNs, and VPNs infected by malware based on the permissions of the apps, as well as a novel dataset of malicious and benign Android VPNs. Experimental results indicate that our proposed classifier identifies malicious VPNs with high accuracy, while it outperforms other standard classifiers in terms of evaluation metrics such as accuracy, precision, and recall.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

Explore related subjects

Discover the latest articles and news from researchers in related subjects, suggested using machine learning.

Data availability

The data have been made available by the authors through the Kaggle platform at https://www.kaggle.com/datasets/saeedseraj/mvdroid-a-malicious-android-vpn-detector-dataset.

References

  1. Ikram M, Vallina-Rodriguez N, Seneviratne S, Kaafar MA, Paxson V (2016) An analysis of the privacy and security risks of android vpn permission-enabled apps. In: Proceedings of the 2016 internet measurement conference. https://doi.org/10.1145/2987443.2987471

  2. Khattak S, Javed M, Khayam S A, Uzmi Z A, Paxson V (2014) A look at the consequences of internet censorship through an ISP lens. In: Proceedings of the 2014 Conference on internet measurement conference, Vancouver, pp 271–284

  3. https://www.kaggle.com/datasets/saeedseraj/mvdroid-a-malicious-android-vpn-detector-dataset. Accessed 20 March 2022

  4. VirusTotal. https://www.virustotal.com. Accessed 20 March 2022

  5. Taha Khan M, DeBlasio J, Voelker G M, Snoeren A C, Kanich C, Rodriguez NV (2018) An empirical analysis of the commercial VPN ecosystem. In: Proceedings of the internet measurement conference 2018 (IMC’18). https://doi.org/10.1145/3278532.3278570

  6. Wilson J, McLuskie D, Bayne E (2020) Investigation into the security and privacy of iOS VPN applications. In: Proceedings of the 15th international conference on availability, reliability and security (ARES ’20). https://doi.org/10.1145/3407023.3407029

  7. Wangchuk T, Rathod D (2021) Forensic and behavior analysis of free android VPNs. J Appl Eng Technol Manag 1(1):91–101. https://doi.org/10.54417/jaetm.v1i1.27

    Article  Google Scholar 

  8. Korty A, Calarco D, Spencer M (2021) Balancing risk with virtual private networking during a pandemic. Bus Horiz 64(6):757–761. https://doi.org/10.1016/j.bushor.2021.07.011

    Article  Google Scholar 

  9. https://thehackernews.com/2022/06/sidewinder-hackers-use-fake-android-vpn.html?&web_view=true

  10. Sihaga V, Vardhan M, Singh P (2021) A survey of android application and malware hardening. Comput Sci Rev 39:100365. https://doi.org/10.1016/j.cosrev.2021.100365

    Article  Google Scholar 

  11. Arshad S, Ali Shah M, Khan A, Ahmed M (2016) Android malware detection & protection: a survey. Int J Adv Comput Sci Appl 7(2):466. https://doi.org/10.14569/IJACSA.2016.070262

    Article  Google Scholar 

  12. Roussev V (2010) Data fingerprinting with similarity digests. IFIP Adv Inf Commun Technol 337:207–226. https://doi.org/10.1007/978-3-642-15506-2_15

    Article  Google Scholar 

  13. YaraRules: yara-rules/rules; https://github.com/Yara-Rules/rules. Accessed 28 March 2022

  14. Wang W, Wang X, Feng D, Liu J, Han Z, Zhang X (2014) Exploring permission-induced risk in android applications for malicious application detection. IEEE Trans Inform Forensics Secur 9(11):1869–1882. https://doi.org/10.1109/TIFS.2014.2353996

    Article  Google Scholar 

  15. Talha KA, Alper DI, Aydin C (2015) APK auditor: permissionbased android malware detection system. Digit Investig 13:1–14. https://doi.org/10.1016/j.diin.2015.01.001

    Article  Google Scholar 

  16. Li J, Sun L, Yan Q, Li Z, Srisa-An W, Ye H (2018) Significant permission identification for machine-learning-based android malware detection. IEEE Trans Indu Inform 14(7):3216–3225. https://doi.org/10.1109/TII.2017.2789219

    Article  Google Scholar 

  17. Milosevic N, Dehghantanha A, Choo KKR (2017) Machine learning aided android malware classification. Comput Electr Eng Elsevier 61:266–274

    Article  Google Scholar 

  18. Kang BJ, Yerima SY, McLaughlin K, Sezer S (2016) N-opcode analysis for android malware classification and categorization. In Proceedings of IEEE international conference on cyber security and protection of digital services (Cyber Security), pp 1–7

  19. Sahin DO¨, Kural OE, Akleylek S et al (2021) A novel permission-based android malware detection system using feature selection based on linear regression. Neural ComputAppl 29:245–326

    Google Scholar 

  20. Mahindru A, Sangal AL (2021) MLDroid: framework for android malware detection using machine learning techniques. Neural Comput Appl 33(10):5183–5240

    Article  Google Scholar 

  21. Seraj S, Khodambashi S, Pavlidis M, Polatidis N (2022) HamDroid: permission-based harmful android anti-malware detection using neural networks. Neural Comput Appli. https://doi.org/10.1007/s00521-02106755-4

    Article  Google Scholar 

  22. Vidas T, Christin N (2014) Evading android runtime analysis via sandbox detection. In: Proceedings of the 9th ACM symposium on Information, computer and communications security, pp 447–458. https://doi.org/10.1145/2590296.2590325

  23. Enck W, Gilbert P, Han S, Tendulkar V, Chun BG, Cox LP, Jung J, McDaniel P, Sheth AN (2014) TaintDroid. ACMTrans. Comput Syst 32(2):1–29. https://doi.org/10.1145/2619091

    Article  Google Scholar 

  24. Gajrani J, Agarwal U, Laxmi V, Bezawada B, Gaur MS, Tripathi M, Zemmari A (2020) EspyDroid+: precise reflection analysis of android apps. Comput Secur 90:101688

    Article  Google Scholar 

  25. Mahdavifar S, Alhadidi D, Ghorbani AA (2022) Effective and efficient hybrid android malware classification using pseudo-label stacked auto-encoder. J Netw Syst Manage 30:1–34

    Article  Google Scholar 

  26. D’Angelo G, Palmieri F, Robustelli A (2022) A federated approach to Android malware classification through Perm-Maps. Cluster Comput 25(4):2487–2500

    Article  Google Scholar 

  27. Seraj S, Pavlidis M, Polatidis N (2022) TrojanDroid: android malware detection for trojan discovery using convolutional neural networks. In: Engineering applications of neural networks: 23rd international conference, EAAAI/EANN 2022, Chersonissos, Crete, Greece, June 17–20, 2022, Proceedings, pp 203-212. Cham: Springer International Publishing

  28. Ullah S, Ahmad T, Buriro A, Zara N, Saha S (2022) TrojanDetector: a multi-layer hybrid approach for trojan detection in android applications. Appl Sci 12(21):10755

    Article  Google Scholar 

  29. Yerima SY, Alzaylaee MK, Shajan A (2021) Deep learning techniques for android botnet detection. Electronics 10(4):519

    Article  Google Scholar 

  30. Moodi M, Ghazvini M, Moodi H (2021) A hybrid intelligent approach to detect android botnet using smart self-adaptive learning-based PSO-SVM. Knowl-Based Syst 222:106988

    Article  Google Scholar 

  31. Amer E (2021) Permission-based approach for android malware analysis through ensemble-based voting model. In: Proceedings of the 2021 international mobile, intelligent, and ubiquitous computing conference (MIUCC), Cairo, Egypt, 26–27, pp 135–139

  32. Wang H, Zhang W, He H (2022) You are what the permissions told me! Android malware detection based on hybrid tactics. J Inf Secur Appl 66:103159

    Google Scholar 

  33. Bahar Z (2022) Your free VPN app could be a trojan: How to spot fake vpns, NordVPN. https://nordvpn.com/blog/fake-vpn/ (Accessed: 23rd January 2023).

  34. Glover C (2022) Sandstrike Fake VPN is latest in wave of new Android malware, Tech Monitor. https://techmonitor.ai/technology/cybersecurity/android-malware-sandstrike-fake-vpn (Accessed: 23 January 2023)

  35. Editor (2022) Eset Research: Bahamut Group targets android users with fake VPN apps; spyware steals users' conversations, ESET. https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-bahamut-group-targets-android-users-with-fake-vpn-apps-spyware-steals-users-convers/ (Accessed: 23 January 2023)

  36. Li L, Li D, Bissyandé TF, Klein J, Le Traon Y, Lo D, Cavallaro L (2017) Understanding android app piggybacking: a systematic study of malicious code grafting. IEEE Trans Inf Forensics Secur 12(6):1269–1284

    Article  Google Scholar 

  37. Arp D, Spreitzenbarth M, Hubner M, Gascon H, Rieck K, Siemens CERT (2014) Drebin: effective and explainable detection of android malware in your pocket. In: Ndss (Vol. 14, pp 23–26)

  38. Pendlebury F, Pierazzi F, Jordaney R, Kinder J, Cavallaro L (2019) {TESSERACT}: eliminating experimental bias in malware classification across space and time. In: 28th USENIX security symposium (USENIX Security 19) (pp 729–746)

  39. Salem A, Banescu S, Pretschner A (2021) Maat: automatically analyzing virustotal for accurate labeling and effective malware detection. ACM Trans Priv Secur (TOPS) 24(4):1–35

    Article  Google Scholar 

Download references

Funding

This research received no external funding.

Author information

Authors and Affiliations

  1. School of Architecture, Technology and Engineering, University of Brighton, Brighton, BN2 4GJ, UK

    Saeed Seraj, Michalis Pavlidis & Nikolaos Polatidis

  2. Department of Computer Engineering, Yadegar-E-Imam Khomeini (RAH) Shahr-E-Rey Branch, Islamic Azad University, Tehran, Iran

    Siavash Khodambashi

Authors
  1. Saeed Seraj
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Siavash Khodambashi
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Michalis Pavlidis
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. Nikolaos Polatidis
    View author publications

    You can also search for this author inPubMed Google Scholar

Contributions

SS and NP contributed to data collection. SS and SK contributed to algorithm development. SS, SK and MP wrote the main manuscript. SS and NP prepared the figures. SS, SK, MP, and NP contributed to evaluation. NP reviewed the manuscript.

Corresponding author

Correspondence to Nikolaos Polatidis.

Ethics declarations

Conflict of interest

The authors declare no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Seraj, S., Khodambashi, S., Pavlidis, M. et al. MVDroid: an android malicious VPN detector using neural networks. Neural Comput & Applic 35, 21555–21565 (2023). https://doi.org/10.1007/s00521-023-08512-1

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00521-023-08512-1

Keywords

Profiles

  1. Nikolaos Polatidis View author profile