Abstract
Given the widespread use of the Android OS on cellphones and the fact that Android applications can be downloaded from third-party sources, it is crucially important to be able to accurately detect which of these may be malicious. In this paper we incorporate several new features related to resource utilization and introduce multi-valued (as opposed to binary) features. We study the impact of these augmentations on the accuracy of malware detection. We compare various feature selection algorithms, including Extra Tree and Recursive Feature Elimination. We also employ and compare a variety of classification algorithms, ranging from Neural Network to Random Forest and XGBoost. Our experiments targeting over 3000 applications show that the enhanced static-dynamic analysis reduces the false positive rate by 25% and the false negative rate by 20%.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Rai, S., Dhanesha, R., Nahata, S., Menezes, B. (2017). Malicious Application Detection on Android Smartphones with Enhanced Static-Dynamic Analysis. In: Shyamasundar, R., Singh, V., Vaidya, J. (eds) Information Systems Security. ICISS 2017. Lecture Notes in Computer Science, vol 10717. Springer, Cham. https://doi.org/10.1007/978-3-319-72598-7_12
DOI: https://doi.org/10.1007/978-3-319-72598-7_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72597-0
Online ISBN: 978-3-319-72598-7
eBook Packages: Computer Science, Computer Science (R0)