Abstract
Mobile phones are rapidly becoming the most widespread and popular form of communication; thus, they are also the most important attack target of malware. The amount of malware on mobile phones is increasing exponentially and poses a serious security threat. Google's Android is the most popular smartphone platform in the world, and its permission-declaration access control mechanism cannot identify malware. In this paper, we propose an ensemble machine learning system for the detection of malware on Android devices. More specifically, four groups of features, including permissions, monitoring system events, sensitive API and permission rate, are extracted to characterize each Android application (app). Then an ensemble random forest classifier is trained to detect whether an app is potentially malicious. The performance of the proposed method is evaluated on an actual data set using tenfold cross-validation. The experimental results demonstrate that the proposed method can achieve a high accuracy of 89.91%. To further assess the performance of our method, we compared it with the state-of-the-art support vector machine classifier. The comparison results demonstrate that the proposed method is extremely promising and could provide a cost-effective alternative for Android malware detection.
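As an added illustration (not code from the paper), the sketch below turns a decoded `AndroidManifest.xml` into a binary feature vector for two of the four feature groups named above, permissions and monitored system events. Taking both groups from the manifest, the two short vocabularies and the sample manifest are assumptions made for this example; the sensitive-API and permission-rate groups are left out because this page does not define how they are computed.

```python
import xml.etree.ElementTree as ET

# Android attributes such as android:name live in this XML namespace.
NAME = "{http://schemas.android.com/apk/res/android}name"

# Constructed vocabularies (assumption: the paper's feature lists are not on this page).
PERMISSIONS = [
    "android.permission.INTERNET",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
]
SYSTEM_EVENTS = [
    "android.intent.action.BOOT_COMPLETED",
    "android.provider.Telephony.SMS_RECEIVED",
]

# Constructed sample manifest in decoded text form (not the binary AXML inside an APK).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <activity android:name=".Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

def extract_features(manifest_xml):
    """Return a 0/1 vector: one slot per known permission, then per system event."""
    root = ET.fromstring(manifest_xml)  # raises ET.ParseError on malformed input
    requested = {e.get(NAME) for e in root.iter("uses-permission")}
    # Only actions registered on broadcast receivers count as monitored events;
    # activity actions such as MAIN are ignored.
    monitored = {a.get(NAME) for r in root.iter("receiver") for a in r.iter("action")}
    vector = [int(p in requested) for p in PERMISSIONS]
    vector += [int(e in monitored) for e in SYSTEM_EVENTS]
    return vector

if __name__ == "__main__":
    print(extract_features(SAMPLE_MANIFEST))
```

Vectors of this shape, one per app, are what a random forest classifier would be trained and cross-validated on.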
Acknowledgements
This work is supported in part by the West Light Foundation of The Chinese Academy of Sciences, under Grant XBBS201313, and in part by the Thousand Talents Plan, under Grant Y32H251201. The authors would like to thank all anonymous reviewers for their constructive advice.
Ethics declarations
Conflict of interest
The authors declare that there is no conflict of interest regarding the publication of this paper.
Cite this article
Zhu, HJ., Jiang, TH., Ma, B. et al. HEMD: a highly efficient random forest-based malware detection framework for Android. Neural Comput & Applic 30, 3353–3361 (2018). https://doi.org/10.1007/s00521-017-2914-y
DOI: https://doi.org/10.1007/s00521-017-2914-y