Abstract
With the increasing number of malicious attacks, how to detect malicious Apps has drawn attention in the mobile technology market. In this paper, we propose a detection model to seek and track the actions of malware Apps on such devices. To characterize the behaviors of Apps, the dynamic features of each App are constrained to 166 dimensions, and a novel machine learning classifier is employed to detect malware Apps; an alarm is triggered if an Android-based App is detected as malicious. In this way, we can prevent detected malware from spreading on a larger scale and extensively affecting our society. A detailed description of the detection model is provided, and the core technologies of this novel machine learning classifier are presented. From experiments performed on a set of Android-based malware and benign Apps, we observe that the proposed classification algorithm achieves the highest accuracy, true-positive rate, false-positive rate, precision, recall and F-measure in comparison to other methods such as K-Nearest Neighbor (KNN), Naive Bayesian (NB), Support Vector Machine (SVM), Random Forest (RF), Logistic Regression (LR), Decision Tree (DT), Linear Discriminant Analysis (LDA) and Back Propagation (BP). The proposed detection model is promising and can be effectively applied to Android malware detection, providing early detection and the prospect of warning users of threats ahead.
Acknowledgements
This work was supported by the Ministry of Education - China Mobile Research Foundation under Grant No. MCM20170206, the Fundamental Research Funds for the Central Universities under Grant No. lzujbky-2018-k12, the National Natural Science Foundation of China under Grant No. 61402210 and 60973137, the Major National Project of High Resolution Earth Observation System under Grant No. 30-Y20A34-9010-15/17, the State Grid Corporation Science and Technology Project under Grant No. SGGSKY00FJJS1700302, the Program for New Century Excellent Talents in University under Grant No. NCET-12-0250, the Strategic Priority Research Program of the Chinese Academy of Sciences under Grant No. XDA03030100, Google Research Awards and Google Faculty Award.
Cite this article
Zhou, Q., Feng, F., Shen, Z. et al. A novel approach for mobile malware classification and detection in Android systems. Multimed Tools Appl 78, 3529–3552 (2019). https://doi.org/10.1007/s11042-018-6498-z
DOI: https://doi.org/10.1007/s11042-018-6498-z