Abstract
Malware threats are growing, while at the same time, concealment strategies are being used to make them undetectable for current commercial antivirus. Android is one of the target architectures where these problems are specially alarming due to the wide extension of the platform in different everyday devices. The detection is specially relevant for Android markets in order to ensure that all the software they offer is clean. However, obfuscation has proven to be effective at evading the detection process. In this paper, we leverage third-party calls to bypass the effects of these concealment strategies, since they cannot be obfuscated. We combine clustering and multi-objective optimisation to generate a classifier based on specific behaviours defined by third-party call groups. The optimiser ensures that these groups are related to malicious or benign behaviours cleaning any non-discriminative pattern. This tool, named MOCDroid, achieves an accuracy of 95.15 % in test with 1.69 % of false positives with real apps extracted from the wild, overcoming all commercial antivirus engines from VirusTotal.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Aafer Y, Du W, Yin H (2013) Droidapiminer: mining api-level features for robust malware detection in android. Security and privacy in communication networks. Springer, Berlin, pp 86–103
Arp D, Spreitzenbarth M, Hübner M, Gascon H, Rieck K, Siemens CERT (2014) Drebin: effective and explainable detection of android malware in your pocket. In: Proceedings of the annual symposium on network and distributed system security (NDSS)
Aung Z, Zaw W (2013) Permission-based android malware detection. Int J Sci Technol Res 2(3):228–234
Aycock J (2006) Computer viruses and malware, vol 22. Springer, Berlin
Bello-Orgaz G, Jung JJ, Camacho D (2016) Social big data: recent achievements and new challenges. Inf Fusion 28:45–59
Bello-Orgaz G, Menéndez HD, Camacho D (2012) Adaptive k-means algorithm for overlapped graph clustering. Int J Neural Syst 22(05):1250018
Brock G, Pihur V, Datta S, Datta S (2008) clValid: an R package for cluster validation. J Stat Softw 25(1):1–22
Collberg C, Thomborson C, Low D (1997) A taxonomy of obfuscating transformations. Technical report, Department of Computer Science, The University of Auckland, New Zealand
Gorla A, Tavecchia I, Gross F, Zeller A (2014) Checking app behavior against app descriptions. In: Proceedings of the 36th international conference on software engineering. ACM, pp 1025–1035
Idika N, Mathur AP (2007) A survey of malware detection techniques. Purdue University, pp 48
Isohara T, Takemori K, Kubota A (2011) Kernel-based behavior analysis for android malware detection. In: Computational intelligence and security (CIS), 2011 seventh international conference on. IEEE, pp 1011–1015
Kang B, Kang B, Kim J, Im EG (2013) Android malware classification method: Dalvik bytecode frequency analysis. In: Proceedings of the 2013 research in adaptive and convergent systems, RACS ’13. ACM, New York, pp 349–350
Larose DT (2014) Discovering knowledge in data: an introduction to data mining. Wiley, New York
Martín A, Menéndez HD, Camacho D (2016) String-based malware detection for android environments. In: Intelligent distributed computing X—proceedings of the 10th international symposium on intelligent distributed computing—IDC’2016, Paris (in press)
Martín A, Menéndez HD, Camacho D (2016) Studying the influence of static api call for hiding malware. In: MAEB 2016 (XI Congreso Espaol de Metaheursticas, Algoritmos Evolutivos y Bioinspirados (MAEB 2016) (in press)
Martín A, Menéndez HD, Camacho D (2016) Genetic boosting classification for malware detection. In: Evolutionary computation (CEC), 2016 IEEE congress on. IEEE
Mas’ ud MZ, Sahib S, Abdollah MF, Selamat SR, Yusof R (2014) Analysis of features selection and machine learning classifier in android malware detection. In: Information science and applications (ICISA), 2014 international conference on. IEEE, pp 1–5
Menendez HD, Barrero DF, Camacho D (2014) A genetic graph-based approach for partitional clustering. Int J Neural Syst 24(03):1430008
Meyer D, Hornik K, Feinerer I (2008) Text mining infrastructure in R. J Stat Soft 25(5):1–54
Moser A, Kruegel C, Kirda E (2007) Limits of static analysis for malware detection. In: Computer security applications conference, 2007. ACSAC 2007. Twenty-third annual. IEEE, pp 421–430
Petsas T, Voyatzis G, Athanasopoulos E, Polychronakis M, Ioannidis S (2014) Rage against the virtual machine: hindering dynamic analysis of android malware. In: Proceedings of the seventh European workshop on system security. ACM, p 5
Rastogi V, Chen Y, Jiang X (2013) Droidchameleon: evaluating android anti-malware against transformation attacks. In: Proceedings of the 8th ACM SIGSAC symposium on information, computer and communications security, ASIA CCS ’13. ACM, New York, pp 329–334
Sahs J, Khan L (2012) A machine learning approach to android malware detection. In: Intelligence and security informatics conference (EISIC), 2012 European, pp 141–147
Shabtai A, Kanonov U, Elovici Y, Glezer C, Weiss Y (2012) Andromaly: a behavioral malware detection framework for android devices. J Intell Inf Syst 38(1):161–190
Sharma M, Chawla M, Gajrani J (2016) A survey of android malware detection strategy and techniques. In: Proceedings of international conference on ICT for sustainable development. Springer, Berlin, pp 39–51
Sikorski M, Honig A (2012) Practical malware analysis: the hands-on guide to dissecting malicious software. No starch press, San Francisco
Suarez-Tangil G, Tapiador JE, Lombardi F, Di Pietro R (2016) ALTERDROID: differential fault analysis of obfuscated smartphone malware. IEEE Trans Mob Comput 15(4):789–802
Tam K, Khan SJ, Fattori A, Cavallaro L (2015) Copperdroid: automatic reconstruction of android malware behaviors. In: Proceedings of the symposium on network and distributed system security (NDSS)
You I, Yim K (2010) Malware obfuscation techniques: a brief survey. In: 2010 International conference on broadband, wireless computing, communication and applications. IEEE, pp 297–300
Zhang M, Duan Y, Yin H, Zhao Z (2014) Semantics-aware android malware classification using weighted contextual api dependency graphs. In: Proceedings of the 2014 ACM SIGSAC conference on computer and communications security. ACM, pp 1105–1116
Zhou Y, Jiang X (2012) Dissecting android malware: characterization and evolution. In: 2012 IEEE symposium on security and privacy, pp 95–109
Zhou Y, Wang Z, Zhou W, Jiang X (2012) Hey, you, get off of my market: detecting malicious apps in official and alternative android markets. In: NDSS
Zitzler E, Laumanns M, Thiele L (2001) SPEA2: improving the strength Pareto evolutionary algorithm. In: Eurogen, vol 3242, no 103, pp 95–100
Acknowledgments
This work has been supported by the next research projects: EphemeCH (TIN2014-56494-C4-4-P) Spanish Ministry of Economy and Competitivity, CIBERDINE S2013/ICE-3095, both under the European Regional Development Fund FEDER and SeMaMatch EP/K032623/1.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
Alejandro Martín, Héctor D. Menéndez and David Camacho declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Communicated by V. Loia.
Rights and permissions
About this article
Cite this article
Martín, A., Menéndez, H.D. & Camacho, D. MOCDroid: multi-objective evolutionary classifier for Android malware detection. Soft Comput 21, 7405–7415 (2017). https://doi.org/10.1007/s00500-016-2283-y
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00500-016-2283-y