AndroShow: A Large Scale Investigation to Identify the Pattern of Obfuscated Android Malware

Machine Intelligence and Big Data Analytics for Cybersecurity Applications

Abstract

This paper presents static-analysis-based research on Android features in obfuscated Android malware. The security of Android smartphones and the privacy of personal information remain under threat because of the popularity of Android-based devices, which has made this a challenging and diverse research area in information security. Although malware researchers can detect already identified malware, they cannot detect many obfuscated samples: attackers use different obfuscation techniques, and as a result many anti-malware engines fail to detect obfuscated malware applications. It is therefore necessary to identify the patterns of obfuscated malware produced by attackers. In this paper, a large-scale investigation is performed by developing Python scripts, named AndroShow, that extract patterns of permissions, app components, filtered intents, API calls and system calls from an obfuscated malware dataset, the Android PRAGuard Dataset. Finally, the patterns are obtained in matrix form and stored in a Comma Separated Values (CSV) file, which will serve as the basis for detecting obfuscated malware in the future.
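The manifest-level part of the extraction the abstract describes (permissions, app components and filtered intents turned into a matrix and written as CSV) can be sketched as follows. This is an added example, not the AndroShow scripts: the function names, the `type::name` column scheme and the two sample manifests are assumptions, and it expects manifests already decoded from the APK's binary XML into text.

```python
import csv
import io
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample manifests (assumed already decoded from binary AXML to text XML).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SAMPLES = {
    "sample_a": f'''<manifest {NS} package="com.example.a">
      <uses-permission android:name="android.permission.SEND_SMS"/>
      <application><receiver android:name=".R">
        <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
      </receiver></application></manifest>''',
    "sample_b": f'''<manifest {NS} package="com.example.b">
      <uses-permission android:name="android.permission.INTERNET"/>
      <uses-permission android:name="android.permission.SEND_SMS"/>
      <application><activity android:name=".M"/></application></manifest>''',
}

def extract_features(manifest_xml):
    """Return one app's manifest features as a set of 'type::name' strings."""
    root = ET.fromstring(manifest_xml)
    feats = set()
    for perm in root.iter("uses-permission"):
        if perm.get(ANDROID + "name"):
            feats.add("permission::" + perm.get(ANDROID + "name"))
    app = root.find("application")
    for comp in (app if app is not None else []):
        if comp.tag not in COMPONENT_TAGS:
            continue
        # Record the component type only; the class name is specific to each app.
        feats.add("component::" + comp.tag)
        for action in comp.iter("action"):  # actions declared in intent filters
            if action.get(ANDROID + "name"):
                feats.add("intent::" + action.get(ANDROID + "name"))
    return feats

def build_matrix(samples):
    """Map {sample_id: manifest_xml} to (columns, rows) of a 0/1 feature matrix."""
    per_app = {sid: extract_features(xml) for sid, xml in samples.items()}
    columns = sorted(set().union(*per_app.values()))
    rows = [[sid] + [int(c in f) for c in columns] for sid, f in sorted(per_app.items())]
    return columns, rows

def to_csv(columns, rows):
    """Serialise the matrix with a header row, one line per sample."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["sample"] + columns)
    writer.writerows(rows)
    return buf.getvalue()
```

API-call and system-call features come from the app's code rather than its manifest and are outside this sketch.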

Correspondence to Md. Omar Faruque Khan Russel.

© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this chapter

Russel, M.O.F.K., Rahman, S.S.M.M., Alazab, M. (2021). AndroShow: A Large Scale Investigation to Identify the Pattern of Obfuscated Android Malware. In: Maleh, Y., Shojafar, M., Alazab, M., Baddi, Y. (eds) Machine Intelligence and Big Data Analytics for Cybersecurity Applications. Studies in Computational Intelligence, vol 919. Springer, Cham. https://doi.org/10.1007/978-3-030-57024-8_8
