
HEMD: a highly efficient random forest-based malware detection framework for Android

  • Original Article
Neural Computing and Applications

Abstract

Mobile phones are rapidly becoming the most widespread and popular form of communication; consequently, they are also the most important attack target for malware. The amount of mobile malware is increasing exponentially and poses a serious security threat. Google's Android is the most popular smartphone platform in the world, yet its permission-declaration access-control mechanism cannot by itself identify malware. In this paper, we propose an ensemble machine learning system for the detection of malware on Android devices. More specifically, four groups of features, namely requested permissions, monitored system events, sensitive API calls and permission rate, are extracted to characterize each Android application (app). An ensemble random forest classifier is then learned to decide whether an app is potentially malicious. The performance of the proposed method is evaluated on a real data set using tenfold cross-validation. The experimental results demonstrate that the proposed method achieves an accuracy of 89.91%. To further assess its performance, we compared it with the state-of-the-art support vector machine classifier. The comparison shows that the proposed method is highly promising and could provide a cost-effective alternative for Android malware detection.
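As an added example that is not part of the paper, the sketch below builds the per-app feature vector the abstract describes (permission bits, system-event bits, sensitive-API bits, permission rate) from an AndroidManifest.xml and a list of API names such as a dex disassembler would report. The watch-lists, the sample manifest and the definition of "permission rate" (taken here as the share of watch-listed permissions the app requests) are assumptions, since the paper's own lists are not on this page; the resulting vector is what a random forest would be trained on.

```python
"""Feature extraction for the four HEMD feature groups (added example, not the paper's code)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Hypothetical watch-lists; the paper's actual feature lists are not on this page.
PERMISSIONS = ["android.permission.INTERNET", "android.permission.READ_SMS",
               "android.permission.SEND_SMS", "android.permission.READ_CONTACTS",
               "android.permission.RECEIVE_BOOT_COMPLETED"]
SYSTEM_EVENTS = ["android.intent.action.BOOT_COMPLETED",
                 "android.provider.Telephony.SMS_RECEIVED"]
SENSITIVE_APIS = ["android.telephony.SmsManager.sendTextMessage",
                  "android.telephony.TelephonyManager.getDeviceId"]


def extract_features(manifest_xml, api_calls):
    """Return a fixed-length numeric vector: permission bits, system-event bits,
    sensitive-API bits, then the permission rate (assumed definition: fraction of
    the watch-listed permissions that the app requests)."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    # System events are the broadcast actions that <receiver> elements register for.
    events = {a.get(ANDROID_NS + "name")
              for r in root.iter("receiver") for a in r.iter("action")}
    called = set(api_calls)
    vec = [int(p in requested) for p in PERMISSIONS]
    vec += [int(e in events) for e in SYSTEM_EVENTS]
    vec += [int(a in called) for a in SENSITIVE_APIS]
    vec.append(round(sum(vec[:len(PERMISSIONS)]) / len(PERMISSIONS), 2))
    return vec


# Constructed manifest: three permissions and a receiver for the boot broadcast.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""
SAMPLE_APIS = ["android.telephony.TelephonyManager.getDeviceId"]  # constructed input

if __name__ == "__main__":
    print(extract_features(SAMPLE_MANIFEST, SAMPLE_APIS))
```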



Acknowledgements

This work is supported in part by the West Light Foundation of The Chinese Academy of Sciences, under Grant XBBS201313, and in part by the Thousand Talents Plan, under Grant Y32H251201. The authors would like to thank all anonymous reviewers for their constructive advice.

Author information


Correspondence to Zhu-Hong You or Wei-Lei Shi.

Ethics declarations

Conflict of interest

The authors declare that there is no conflict of interests regarding the publication of this paper.


Cite this article

Zhu, HJ., Jiang, TH., Ma, B. et al. HEMD: a highly efficient random forest-based malware detection framework for Android. Neural Comput & Applic 30, 3353–3361 (2018). https://doi.org/10.1007/s00521-017-2914-y


  • DOI: https://doi.org/10.1007/s00521-017-2914-y
