Android Malware Detection in Large Dataset: Smart Approach

  • Conference paper
Advances in Information and Communication (FICC 2020)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1129)

Abstract

As the most widely used operating system for smartphones, Android is still growing, with many applications deployed in the mobile space as well as on other Android-based Internet-of-Things devices. A major side effect of the unprotected usage of such apps is the security loophole that allows app developers to access users’ critical data on their devices. Hence, the lack of modern, precise validation of Android apps necessitates a new technique for malware detection. We propose a new smart mechanism that uses several machine learning models to analyze Android app behavior. More than 100 thousand Android application packages (APKs) containing more than 80,000 malware variants from 179 different families (in addition to benign Android apps) were collected. For added robustness, the model was trained with various malware found between 2006 and 2018. Given the size of the app dataset used, our smart model is positioned as a very fast method for processing vast numbers of apps, something not implemented by other works in the field. The proposed smart Android malware detector obtained a very encouraging accuracy, ranging between 95% and 97% on average, for around 100 thousand analyzed APKs.

Author information

Corresponding author

Correspondence to Md. Naseef-Ur-Rahman Chowdhury.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Alahy, Q.E., Chowdhury, M.NUR., Soliman, H., Chaity, M.S., Haque, A. (2020). Android Malware Detection in Large Dataset: Smart Approach. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Advances in Information and Communication. FICC 2020. Advances in Intelligent Systems and Computing, vol 1129. Springer, Cham. https://doi.org/10.1007/978-3-030-39445-5_58
