A novel approach for mobile malware classification and detection in Android systems

Multimedia Tools and Applications

Abstract

With the increasing number of malicious attacks, how to detect malicious Apps has drawn attention in the mobile technology market. In this paper, we propose a detection model to seek and track the actions of malware Apps on such devices. To characterize the behaviors of Apps, the dynamic features of each App are constrained to 166 dimensions, a novel machine learning classifier is employed to detect malware Apps, and an alarm is triggered if an Android-based App is detected as malicious. In this way, we can prevent detected malware from spreading on a larger scale and extensively affecting our society. A detailed description of the detection model is provided, and the core technologies of this novel machine learning classifier are presented. From experiments performed on a set of Android-based malware and benign Apps, we observe that the proposed classification algorithm achieves the highest accuracy, true-positive rate, false-positive rate, precision, recall and F-measure in comparison to other methods such as K-Nearest Neighbor (KNN), Naive Bayesian (NB), Support Vector Machine (SVM), Random Forest (RF), Logistic Regression (LR), Decision Tree (DT), Linear Discriminant Analysis (LDA) and Back Propagation (BP). The proposed detection model is promising and can effectively be applied to Android malware detection, providing early detection and the prospect of warning users of threats ahead of time.

Acknowledgements

This work was supported by Ministry of Education - China Mobile Research Foundation under Grant No. MCM20170206, The Fundamental Research Funds for the Central Universities under Grant No. lzujbky-2018-k12, National Natural Science Foundation of China under Grant No. 61402210 and 60973137, Major National Project of High Resolution Earth Observation System under Grant No. 30-Y20A34-9010-15/17, State Grid Corporation Science and Technology Project under Grant No. SGGSKY00FJJS1700302, Program for New Century Excellent Talents in University under Grant No. NCET-12-0250, Strategic Priority Research Program of the Chinese Academy of Sciences under Grant No. XDA03030100, Google Research Awards and Google Faculty Award.

Author information

Corresponding author

Correspondence to Kuan-Ching Li.

About this article

Cite this article

Zhou, Q., Feng, F., Shen, Z. et al. A novel approach for mobile malware classification and detection in Android systems. Multimed Tools Appl 78, 3529–3552 (2019). https://doi.org/10.1007/s11042-018-6498-z

  • DOI: https://doi.org/10.1007/s11042-018-6498-z
