Abstract
The increasing number and diversity of malicious applications are reducing the efficiency of conventional defenses, so novel detection methods are needed. We therefore propose PCSD, a lightweight tool that detects Android malware by extracting statistical features from applications. Because individual differences between applications influence these features, PCSD applies a clustering algorithm to reduce particularity. To improve detection accuracy, it also minimizes the effect of random clustering by selecting the clustering result that has the minimum volatility in size per cluster. In our work, we collect statistical features from 5,553 malicious applications and 3,000 benign applications and build trained detection models based on different machine learning algorithms, such as Bayesian ridge and random forests, among others. Our results show that the accuracy is 99.02% and the AUC (Area Under Curve) is 99.51% in the experiment. These results demonstrate the efficacy of PCSD in distinguishing malicious from benign Android applications.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Leng, B., Li, J., Xu, Y., She, L., Gao, W., Zeng, Q. (2017). PCSD: A Tool for Android Malware Detection. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science, vol 10656. Springer, Cham. https://doi.org/10.1007/978-3-319-72389-1_17
DOI: https://doi.org/10.1007/978-3-319-72389-1_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72388-4
Online ISBN: 978-3-319-72389-1
eBook Packages: Computer Science, Computer Science (R0)