Skip to main content
SpringerLink
Log in

Android Malware Detection Methods Based on the Combination of Clustering and Classification

  • Conference paper
  • First Online:
Network and System Security (NSS 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11058))

Included in the following conference series:

Abstract

With the popularity of Android platform, Android malware detection is a challenging practical problem that needs to be resolved urgently. In this paper, we propose two static analysis methods for Android malware detection based on the combination of clustering and classification. First, we obtain original feature set from the manifest file and disassembled code of Android applications. Then, through the analysis of the category and appearance frequency of each feature, we extract some key features for malware detection so as to reduce the dimensionality of feature vector. Finally, we propose two methods based on the combination of clustering and classification to distinguish malicious and benign applications. One is mixed clustering, which clusters the malicious and benign samples together; the other is separate clustering, which clusters the malicious and benign samples separately. We choose to use the K-mean clustering algorithm and the K-Nearest Neighbor (KNN) classification algorithm. Evaluation results show that our methods outperform the common SVM-based method in detection accuracy, and outperform the KNN-based method in prediction time. In addition, the detection ability for unknown malware families of our methods is also better than that of the SVM-based method.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Kantar Worldpanel. https://www.kantarworldpanel.com/cn/smartphone-os-market-share/. Accessed 30 Apr 2018

  2. China Mobile Security Risk Report 2017. http://bbs.360.cn/thread-14972358-1-1.html. Accessed 30 Apr 2018

  3. Chen, Z., et al.: Machine learning based mobile malware detection using highly imbalanced network traffic. Inf. Sci. 433–434, 346–364 (2018)

    Article  Google Scholar 

  4. Singh, L., Hofmann, M.: Dynamic behavior analysis of Android applications for malware detection. In: International Conference on Intelligent Communication and Computational Techniques, pp. 1-7. IEEE, Jaipur (2017)

    Google Scholar 

  5. Xiao, X., Xiao, X., Jiang, Y., Liu, X., Ye, R.: Identifying Android malware with system call co-occurrence matrices. Trans. Emerg. Telecommun. Technol. 27(5), 675–684 (2016)

    Article  Google Scholar 

  6. Arp, D., Spreitzenbarth, M., Huebner, M., Gascon, H., Rieck, K.: Drebin: Efficient and explainable detection of Android malware in your pocket. In: 21st Annual Network and Distributed System Security Symposium, pp. 1–15. Internet Society, San Diego (2014)

    Google Scholar 

  7. Fan, M., et al.: Android malware familial classification and representative sample selection via frequent subgraph analysis. IEEE Trans. Inf. Forensics Secur. 13(8), 1890–1905 (2018)

    Article  Google Scholar 

  8. Deypir, M., Horri, A.: Instance based security risk value estimation for Android applications. J. Inf. Secur. Appl. 40, 20–30 (2018)

    Google Scholar 

  9. Morales-Ortega, S., Escamilla-Ambrosio, P.J., Rodriguez-Mota, A., Coronado-De-Alba, L.D.: Native malware detection in smartphones with Android OS using static analysis, feature selection and ensemble classifiers. In: 11th International Conference on Malicious and Unwanted Software, pp. 67–74. IEEE, Fajardo (2017)

    Google Scholar 

  10. Chen, T., Yang, Y., Chen, B.: Maldetect: An Android malware detection system based on abstraction of dalvik instructions. J. Comput. Res. Dev. 53(10), 2299–2306 (2016)

    MathSciNet  Google Scholar 

  11. Miao, X.C., Wang, R., Xu, L., Zhang, W.F., Xu, B.W.: Security analysis for Android applications using sensitive path identification. J. Softw. 28(9), 2248–2263 (2017)

    Google Scholar 

  12. Kumar, A., Kuppusamy, K.S., Aghila, G.: FAMOUS: Forensic analysis of mobile devices using scoring of application permissions. Future Gener. Comput. Syst. 83, 158–172 (2018)

    Article  Google Scholar 

  13. Varsha, M.V., Vinod, P., Dhanya, K.A.: Identification of malicious Android app using manifest and opcode features. J. Comput. Virol. Hacking Tech. 13(2), 125–138 (2017)

    Article  Google Scholar 

  14. The Drebin Dataset. http://www.sec.cs.tu-bs.de/~danarp/drebin/index.html. Accessed 30 Apr 2018

  15. Scikit-learn. http://scikit-learn.org/stable/. Accessed 30 Apr 2018

Download references

Acknowledgements

This work is supported by the Special Funds for Discipline and Specialty Construction of Guangdong Higher Education Institutions (2016KTSCX040).

Author information

Authors and Affiliations

  1. Department of Computer Science and Technology, Shantou University, 243 Daxue Road, Shantou, Guangdong, China

    Zhi Xiong, Ting Guo, Qinkun Zhang, Yu Cheng & Kai Xu

Authors
  1. Zhi Xiong
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ting Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Qinkun Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yu Cheng
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Kai Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zhi Xiong .

Editor information

Editors and Affiliations

  1. The Hong Kong Polytechnic University, Hong Kong, China

    Man Ho Au

  2. The University of Hong Kong, Hong Kong, China

    Siu Ming Yiu

  3. Guangzhou University, Guangzhou, China

    Jin Li

  4. The Hong Kong Polytechnic University, Hong Kong, China

    Xiapu Luo

  5. City University of Hong Kong, Hong Kong, China

    Cong Wang

  6. University of Salerno and University of Naples Federico II, Fisciano, Italy

    Aniello Castiglione

  7. CISPA Helmholtz Center i.G. GmbH, Saarbrücken, Germany

    Kamil Kluczniak

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Xiong, Z., Guo, T., Zhang, Q., Cheng, Y., Xu, K. (2018). Android Malware Detection Methods Based on the Combination of Clustering and Classification. In: Au, M., et al. Network and System Security. NSS 2018. Lecture Notes in Computer Science(), vol 11058. Springer, Cham. https://doi.org/10.1007/978-3-030-02744-5_30

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-02744-5_30

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02743-8

  • Online ISBN: 978-3-030-02744-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation