Network-based detection of Android malicious apps

  • Regular Contribution
International Journal of Information Security

Abstract

Users rely on mobile devices for their daily Internet needs, running various mobile applications (apps) for social networking, e-mail, news reading, and video/audio streaming. Because of their heavy network activity, mobile devices have become major targets for malicious apps, and detecting such apps is a current research challenge. Most of the research reported in the literature focuses on host-based systems rather than network-based ones; host-based systems are unable to detect malicious activities occurring on a mobile device through the Internet. This paper presents a detection app model for the classification of apps. We investigate the accuracy of various machine learning models in the context of known and unknown apps, benign and normal apps, apps with or without encrypted messages, and operating-system-version independence of classification. The best-performing machine learning (ML)-based model is embedded into the detection app for efficient and effective detection. We collect a dataset of the network activities of apps from 18 different malware families and 14 genuine apps and use it to develop ML-based detectors. We show that it is possible to detect malicious apps from network traces with traditional ML techniques; the results show an accuracy of 95–99.9 % in detecting apps in different scenarios. The proposed model proves efficient and suitable for mobile devices. Because of the widespread market penetration of Android OS, it has become the main target for attackers. Hence, the proposed system is deployed in the Android environment.

Acknowledgments

The work in this paper is partially supported by a grant from RailTel Telecom Center of Excellence with grant code RCI-763(3)-ECD and by IBM with grant code IBM-741-ECD. We are thankful to Anshul Arora for his help in collecting the network traces during the experiments. We would like to thank Yajin Zhou and Xuxian Jiang, Department of Computer Science, North Carolina State University, for providing us with the malware dataset for experimentation.

Author information

Corresponding author

Correspondence to Shree Garg.

About this article

Cite this article

Garg, S., Peddoju, S.K. & Sarje, A.K. Network-based detection of Android malicious apps. Int. J. Inf. Secur. 16, 385–400 (2017). https://doi.org/10.1007/s10207-016-0343-z

  • DOI: https://doi.org/10.1007/s10207-016-0343-z
