Multimedia Tools and Applications

, Volume 78, Issue 3, pp 3529–3552 | Cite as

A novel approach for mobile malware classification and detection in Android systems

  • Qingguo Zhou
  • Fang Feng
  • Zebang Shen
  • Rui Zhou
  • Meng-Yen Hsieh
  • Kuan-Ching LiEmail author


With the increasing number of malicious attacks, the way how to detect malicious Apps has drawn attention in mobile technology market. In this paper, we proposed a detection model to seek and track malware Apps actions in such devices. To characterize the behaviors of Apps, dynamic features of each App were constrained in 166-dimension and a novel machine learning classifier is employed to detect malware Apps, and alarm will be triggered if an Android-based App is detected as malicious. With such, we can avoid a detected malware spreading out in larger scale, affecting extensively our society. Detailed description of the detection model is provided, as well the core technologies of this novel machine learning classifier are presented. From experiments performed on a set of Android-based malware and benign Apps, we observe that the proposed classification algorithm achieves highest accuracy, true-positive rate, false-positive rate, precision, recall, f-measure in comparison to other methods as K-Nearest Neighbor (KNN), Naive Bayesian (NB), Support Vector Machine (SVM), Random Forest (RF), Logistic Regression (LR), Decision tree (DT), Linear Discriminant Analysis (LDA) and Back Propagation (BP). The proposed detection model is promising and can effectively be applied to Android malware detection, providing early detection and the prospect of warning users of threatens ahead.


Security Mobile malware detection System call Innovative classification algorithm Dynamic analysis 



This work was supported by Ministry of Education - China Mobile Research Foundation under Grant No. MCM20170206, The Fundamental Research Funds for the Central Universities under Grant No. lzujbky-2018-k12, National Natural Science Foundation of China under Grant No. 61402210 and 60973137, Major National Project of High Resolution Earth Observation System under Grant No. 30-Y20A34-9010-15/17, State Grid Corporation Science and Technology Project under Grant No. SGGSKY00FJJS1700302, Program for New Century Excellent Talents in University under Grant No. NCET-12-0250, Strategic Priority Research Program of the Chinese Academy of Sciences under Grant No. XDA03030100, Google Research Awards and Google Faculty Award.


  1. 1.
    360 home (2017) Android malware special report in 2016. Available online: Last accessed on 8 Feb 2018
  2. 2.
    Alzaylaee MK, Yerima SY, Sezer S (2017) EMULATOR vs REAL PHONE: Android Malware Detection Using Machine Learning. ACM on International Workshop on Security and Privacy Analytics, ACM, p 65–72Google Scholar
  3. 3.
    Barrera D, Oorschot PCV, Somayaji A (2010) A methodology for empirical analysis of permission-based security models and its application to Android. In: CCS 2010: Proceedings of the 17th ACM Conference on Computer and Communications Security 3:73–84Google Scholar
  4. 4.
    Chan PPF, Hui LCK, Yiu SM (2012) DroidChecker: analyzing android applications for capability leak. ACM, p 125–136Google Scholar
  5. 5.
    Chen H, Zhao H, Shen J, Zhou R, Zhou Q (2015) Supervised machine learning model for high dimensional gene data in colon cancer detection. IEEE International Congress on Big Data. IEEE, p 134–141Google Scholar
  6. 6.
    Chin E, Felt AP, Greenwood K, Wagner D (2011) Analyzing inter-application communication in Android. International Conference on Mobile Systems, Applications, and Services. ACM, vol. 269, p 239–252Google Scholar
  7. 7.
    Das S, Liu Y, Zhang W, Chandramohan M (2017) Semantics-based online malware detection: towards efficient real-time protection against malware. IEEE Trans Inf Forensics Secur 11(2):289–302CrossRefGoogle Scholar
  8. 8.
    Elish KO, Shu X, Yao D, Ryder BG, Jiang X (2015) Profiling user-trigger dependence for android malware detection. Comput Secur 49:255–273CrossRefGoogle Scholar
  9. 9.
    Enck W, Ongtang M, McDaniel P (2009) On lightweight mobile phone application certification. In: CCS 09: Proceedings of the 16th ACM conference on Computer and communications security, p 235–245Google Scholar
  10. 10.
    Eskandari M, Hashemi S (2012) A graph mining approach for detecting unknown malwares. J Vis Lang Comput 23(3):154–162CrossRefGoogle Scholar
  11. 11.
    Fei T, Zheng Y (2016) A hybrid approach of mobile malware detection in Android. J Parallel Distrib Comput 103:22–31Google Scholar
  12. 12.
    Felt AP, Greenwood K, Wagner D (2011) The effectiveness of application permissions. Usenix Conference on Web Application Development. vol. 364, p 7–7Google Scholar
  13. 13.
    G DATA (2015) Mobile malware report, Available online: Accessed 10 July 2015
  14. 14.
    Intrusion detection system (2017) Available online: Accessed 17 Oct 2017
  15. 15.
    Isohara T, Takemori K, Kubota A (2012) Kernel-based behavior analysis for android malware detection. Seventh International Conference on Computational Intelligence and Security. IEEE, vol. 46, p 1011–1015Google Scholar
  16. 16.
    Lin YD, Lai YC, Chen CH, Tsai HC (2013) Identifying android malicious repackaged applications by thread-grained system call sequences. Comput Secur 39(39):340–350CrossRefGoogle Scholar
  17. 17.
    Mahindru A, Singh P (2017) Dynamic permissions based android malware detection using machine learning techniques. Innovations in Software Engineering Conference. ACM, p 202–210Google Scholar
  18. 18.
    Mylonas A, Gritzalis D (2012) Book review: practical malware analysis: the hands-on guide to dissecting malicious software. Elsevier Advanced Technology PublicationsGoogle Scholar
  19. 19.
    Ripley BD (2008) Pattern recognition and neural networks, 1st edn. Cambridge University Press, CambridgezbMATHGoogle Scholar
  20. 20.
    Sato R, Chiba D, Goto S (2013) Detecting android malware by analyzing manifest files. Asia Pacific Advanced Network. vol. 36, p 23Google Scholar
  21. 21.
    Shabtai A (2012) “Andromaly”: a behavioral malware detection framework for android devices. J Intell Inf Syst 38(1):161–190CrossRefGoogle Scholar
  22. 22.
    Smartphone OS Market Share (2017) Available online: Accessed 17 Oct 2017
  23. 23.
    Sohr K, Mustafa T, Nowak A (2011) Software security aspects of Java-based mobile phones. ACM Symposium on Applied Computing. DBLP, p 1494–1501Google Scholar
  24. 24.
    Statista (2017) Global mobile OS market share 2009–2017, by quarter. Available online: Accessed 8 Feb 2018
  25. 25.
    Su X, Chuah M, Tan G (2012) Smartphone dual defense protection framework: detecting malicious applications in android markets. Eighth International Conference on Mobile Ad-Hoc and Sensor Networks. IEEE, p 153–160Google Scholar
  26. 26.
    Suarez-Tangil G, Tapiador JE, Peris-Lopez P, Ribagorda A (2014) Evolution, detection and analysis of malware for smart devices. IEEE Commun Surv Tutorials 16(2):961–987CrossRefGoogle Scholar
  27. 27.
    Wu DJ, Mao CH, Lee HM, Wu KP (2012) DroidMat: Android Malware Detection through Manifest and API Calls Tracing, Information Security. IEEE, p 62–69Google Scholar
  28. 28.
    Yang W, Xiao X, Andow B, Li S, Xie T, Enck W (2015) AppContext: differentiating malicious and benign mobile app behaviors using context. Ieee/acm, IEEE International Conference on Software Engineering, IEEE vol 1, p 303–313Google Scholar
  29. 29.
    Yong B, Xu Z, Shen J, Chen H, Tian Y, Zhou Q (2017) Neural network model with Monte Carlo algorithm for electricity demand forecasting in Queensland. Australasian Computer Science Week Multiconference, ACM, p 47Google Scholar
  30. 30.
    Zhang M, Duan Y, Yin H, Zhao Z (2014) Semantics-aware android malware classification using weighted contextual API dependency graphs. ACM 7:1105–1116Google Scholar
  31. 31.
    Zhao H (2016) General vector machine. Available online: Accessed 17 Oct 2017. arXiv:1602.03950
  32. 32.
    Zheng M, Sun M, Lui JCS (2014) DroidTrace: a ptrace based Android dynamic analysissystem with forward execution capability. Wireless Communications and Mobile Computing Conference, IEEE, p 128–133Google Scholar
  33. 33.
    Zhou W, Zhou Y, Jiang X, Ning P (2012) Detecting repackaged smartphone applications in third-party android marketplaces. ACM Conference on Data and Application Security and Privacy. ACM, p 317–326Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. 1.School of Information Science and EngineeringLanzhou UniversityLanzhouChina
  2. 2.School of Electronic and Information EngineeringLanzhou Institute of TechnologyLanzhouChina
  3. 3.Department of Computer Science and Information EngineeringProvidence UniversityTaichungTaiwan

Personalised recommendations