Abstract
Recent years have witnessed huge growth in Android malware development. Colossal reliance on Android applications for day to day working and their massive development dictates for an automated mechanism to distinguish malicious applications from benign ones. A significant amount of research has been devoted to analyzing and mitigating this growing problem; however, attackers are using more complicated techniques to evade detection. This paper proposes a framework, AdDroid; for analyzing and detecting malicious behaviour in Android applications based on various combinations of artefacts called Rules. The artefacts represent actions of an Android application such as connecting to the Internet, uploading a file to a remote server or installing another package on the device etc. AdDroid employs an ensemble-based machine learning technique where Adaboost is combined with traditional classifiers in order to train a model founded on static analysis of Android applications that is capable of recognizing malicious applications. Feature selection and extraction techniques are used to get the most distinguishing Rules. The proposed model is created using a dataset comprising 1420 Android applications with 910 malicious and 510 benign applications. Our proposed system achieved an accuracy of 99.11% with 98.61% True Positive (TP) and 99.33% True Negative (TN) rate. The high TP and TN rates reflect the efficacy on both major and minor class. Since the proposed solution has exceptionally low computational complexity, therefore, making it possible to analyze applications in real-time.
Similar content being viewed by others
References
Apple Vs Android, A comparative study 2017 (2018) Available: https://android.jlelse.eu/apple-vs-android-a-comparative-study-2017-c5799a0a1683
Gandhewar N, Sheikh R (2010) Google Android: An emerging software platform for mobile devices. Int J Comput Sci Eng 1:12–17
Number of available applications in the Google Play Store from December 2009 to September 2018 (2018) Available: https://www.statista.com/statistics/266210/number-of-available-applications-in-the-google-play-store/
Felt AP, Finifter M, Chin E, Hanna S, Wagner D (2011) A survey of mobile malware in the wild. In: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, pp 3–14
Felt AP, Chin E, Hanna S, Song D, Wagner D (2011) Android permissions demystified. In: Proceedings of the 18th ACM conference on Computer and communications security, pp 627–638
Huang C-Y, Tsai Y-T, Hsu C-H (2013) Performance evaluation on permission-based detection for android malware. In: Advances in Intelligent Systems and Applications-Volume 2, ed:, pp 111–120. Springer
Zhang M, Duan Y, Yin H, Zhao Z (2014) Semantics-aware android malware classification using weighted contextual api dependency graphs. In: Proceedings of ACM SIGSAC Conference on Computer and Communications Security, pp 1105–1116
Wu D-J, Mao C-H, Wei T-E, Lee H-M, Wu K-P (2012) Droidmat: Android malware detection through manifest and api calls tracing. In: 2012 Seventh Asia Joint Conference on Information Security (Asia JCIS), pp 62–69
Sahs J, Khan L (2012) A machine learning approach to android malware detection. In: Intelligence and security informatics conference (eisic), 2012 european, pp 141–147
Burguera I, Zurutuza U, Nadjm-Tehrani S (2011) Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, pp 15–26
Ghani SMA, Abdollah MF, Yusof R, Mas’ud MZ (2015) Recognizing API features for malware detection using static analysis. J Wirel Netw Commun 5:6–12
Peng H, Gates C, Sarma B, Li N, Qi Y, Potharaju R et al (2012) Using probabilistic generative models for ranking risks of android apps In: Proceedings of the 2012 ACM conference on Computer and communications security, pp 241–252
Sarma BP, Li N, Gates C, Potharaju R, Nita-Rotaru C, Molloy I (2012) Android permissions: a perspective combining risks and benefits. In: Proceedings of the 17th ACM symposium on Access Control Models and Technologies, pp 13–22
Do Q, Martini B, Choo K-KR (2014) Enhancing user privacy on android mobile devices via permissions removal. In: 2014 47th Hawaii International Conference on System Sciences (HICSS), pp 5070–5079
Arp D, Spreitzenbarth M, Hubner M, Gascon H, Rieck K, Siemens C (2014) DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket. In: NDSS
Vidas T, Tan J, Nahata J, Tan CL, Christin N, Tague P (2014) A5: Automated analysis of adversarial android applications. In: Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, pp 39–50
Chakradeo S, Reaves B, Traynor P, Enck W (2013) Mast: Triage for market-scale mobile malware analysis. In: Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks, pp 13–24
Lindorfer M, Neugschwandtner M, Platzer C (2015) Marvin: Efficient and comprehensive mobile app classification through static and dynamic analysis. In: IEEE 39th Annual Computer Software and Applications Conference (COMPSAC), pp 422–433
Elish KO, Shu X, Yao DD, Ryder BG, Jiang X (2015) Profiling user-trigger dependence for Android malware detection. Comput Secur 49:255–273
Jang J-w, Kang H, Woo J, Mohaisen A, Kim HK (2015) Andro-autopsy: anti-malware system based on similarity matching of malware and malware creator-centric information. Digit Investig 14:17–35
Zhu H, Xiong H, Ge Y, Chen E (2014) Mobile app recommendations with security and privacy awareness. In: Proceedings of the 20th ACM SIGKDD international conference on Knowledge discovery and data mining, pp 951–960
Martín I, Hernández JA, Muñoz A, Guzmán A (2018) Android malware characterization using metadata and machine learning techniques security and communication networks
Parkour M (2014) Contagiodump, ed
Roberts J-M (2014) Virus share, ed
Virus Total (2017) Available: https://www.virustotal.com/#/home/upload
Tumbleson C, Wisniewski R (2015) Apktool, ed
Chia PH, Yamamoto Y, Asokan N (2012) Is this app safe?: a large scale study on application permissions and risk signals. In: Proceedings of the 21st international conference on World Wide Web, pp 311–320
Android: Normal and Dangerous Permissions (2017) Available: https://developer.android.com/guide/topics/permissions/requesting.html#normal-dangerous
Dietterich TG (2000) Ensemble methods in machine learning. In International workshop on multiple classifier systems. Springer, Berlin, pp 1–15
Kent JT (1983) Information gain and a general measure of correlation. Biometrika 70:163–173
Peiravian N, Zhu X (2013) Machine Learning for Android Malware Detection Using Permission and API Calls. In: 2013 IEEE 25th International Conference on Tools with Artificial Intelligence, pp 300–305
Feizollah A, Anuar NB, Salleh R, Suarez-Tangil G, Furnell S (2017) Androdialysis: Analysis of android intent effectiveness in malware detection. Comput Secur 65:121–134
Acknowledgements
This research is supported by the Higher Education Commission (HEC), Pakistan through its initiative of National Center for Cyber Security for the affiliated lab National Cyber Security Auditing and Evaluation Lab (NCSAEL), Grant No: 2(1078)/HEC/M&E/2018/707.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendix
Appendix
Rights and permissions
About this article
Cite this article
Mehtab, A., Shahid, W.B., Yaqoob, T. et al. AdDroid: Rule-Based Machine Learning Framework for Android Malware Analysis. Mobile Netw Appl 25, 180–192 (2020). https://doi.org/10.1007/s11036-019-01248-0
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11036-019-01248-0