Cluster Computing

, Volume 21, Issue 1, pp 955–966 | Cite as

Android malware detection method based on naive Bayes and permission correlation algorithm

  • Fengjun ShangEmail author
  • Yalin Li
  • Xiaolin Deng
  • Dexiang He


In order to detect Android malware more effectively, an Android malware detection model was proposed based on improved naive Bayes classification. Firstly, considering the unknown permission that may be malicious in detection samples, and in order to improve the Android detection rate, the algorithm of malware detection is proposed based on improved naive Bayes. Considering the limited training samples, limited permissions, and the new malicious permissions in the test samples, we used the impact of the new malware permissions and training permissions as the weight. The weighted naive Bayesian algorithm improves the Android malware detection efficiency. Secondly, taking into account the detection model, we proposed a detection model of permissions and information theory based on the improved naive Bayes algorithm. We analyzed the correlation of the permission. By calculating the Pearson correlation coefficient, we determined the value of Pearson correlation coefficient r, and delete the permissions whose value r is less than the threshold \(\rho \) and get the new permission set. So, we got the improved detection model by clustering based on information theory. Finally, we detected the 1725 Android malware and 945 non malicious application of multiple data sets in the same simulation environment. The detection rate of the improved the naive Bayes algorithm is 86.54%, and the detection rate of the non-malicious application is increased to 97.59%. Based on the improved naive Bayes algorithm, the false detection rate of the improved detection model is reduced by 8.25%.


Naive Bayes Android malware detection Privilege feature Correlation coefficient Information theory 



The author would like to thank the Chongqing Basic and Frontier Research Project under Grant NO. cstc2016jcyjA0590. The work is partly funded by the National Nature Science Foundation of China (No. 61672004).


  1. 1.
    Shabtai, A., Elovici, Y.: Applying behavioral Ddetection on Android-based devices. In: Mobile Wireless Middleware, Operating Systems, and Applications. Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, pp. 235–249. Springer, Heidelberg (2010)Google Scholar
  2. 2.
    Appbrain: Number of Android applications. (2013)
  3. 3.
    Wen, W.P., Mei, R., Ning, G., et al.: Malware detection technology analysis and applied research of android platform. J. Commun. 35(8), 79–94 (2014)Google Scholar
  4. 4.
    Zhang, Yuqing, Fang, Zhejun, Wang, Kai, et al.: Survey of Android vulnerability detection. J. Compu. Res. Dev. 52(10), 2167–2177 (2015)Google Scholar
  5. 5.
    Li, Ting, Dong, Hang, Wang, Chunyang, et al.: Description of Android malware feature based on Dalvik instructions. J. Compu. Res. Dev. 51(7), 1458–1466 (2014)Google Scholar
  6. 6.
    Jiao, Sibei, Ying, Lingyun, Yang, Zhi, et al.: An anti-obfuscation method for detecting similarity among Android applications in large scale. J. Compu. Res. Dev. 51(7), 1446–1457 (2014)Google Scholar
  7. 7.
    Cen, L., Gates, C.S., Si, L.: A probabilistic discriminative model for Android malware detection with decomplied source code. In: Proceedings of IEEE Transaction on Dependable and Secure Computing, pp. 400–412. (2015)Google Scholar
  8. 8.
    Yuan, Z., Lu, Y., Xue, Y.: DroidDetector: Android malware characterization and detection using deep learning. Tsinghua Sci. Technol. 21, 114–123 (2016)CrossRefGoogle Scholar
  9. 9.
    Liang, S., Du, X.: Permission-combination-based scheme for Android mobile malware detection. In: IEEE ICC 2014-Mobile and Wireless and Wireless Networking Symposium, pp. 2301–2306. IEEE (2014)Google Scholar
  10. 10.
    Xiangyu, JU.: Android malware detection though permission and package. In: Proceedings of the 2014 International Conference on Wavelet Analysis and Pattern Recognition, pp. 61–65. Lanzhou (2014)Google Scholar
  11. 11.
    Luo, Yang, Zhang, Qixun, et al.: Android multi-level system permission management approach. J. Softw. 26(2), 263–271 (2015)Google Scholar
  12. 12.
    Wang, H.Y., Wang, Z.Y., Guo, Y., et al.: Detecting repackaged Android applications based on code clone detection technique. SCI. SIN. Inf. 44(1), 142–157 (2014). (in Chinese with English abstract)Google Scholar
  13. 13.
    Sarwar, G., Mehani, O., Boreli, R., et al.: On the effectiveness of dynamic taint analysis for protecting against private information leaks on Android-based devices. In: Proceedings of the 10th International Conference on Security and Cryptography, pp. 461–468. Springer-Verlag, Heidelberg (2013)Google Scholar
  14. 14.
    Xu, Y., Wu, C., Hou, M., et al.: Android malware detection technology based on improved naïve Bayesian. J. Beijing Univ. Posts Telecommun. (2016). doi: 10.13190/j.jbupt.2016.02.009
  15. 15.
    Liu, X., Liu, J.: A two-layered permission-based Android malware detection scheme. In: Proceedings of 2014 2nd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud), pp. 142–148. IEEE (2014)Google Scholar
  16. 16.
    Glodek, W., Harang. R.: Rapid permissions-based detection and analysis of mobile malware using random decision forests. In: Proceedings of Military Communications Conference, MILCOM 2013–2013, pp. 980–985. IEEE (2013)Google Scholar
  17. 17.
    Alberge, Florence: On some properties of the mutual information between extrinsics with application to iterative decoding. IEEE Trans. Commun. 63(5), 1541–1553 (2015)CrossRefGoogle Scholar
  18. 18.
    Chan, P.P., Song, W.: Static detection of Android malware by using permission and API calls[. In: Proceedings of the 2014 International Conference, pp. 82–87. IEEE (2014)Google Scholar
  19. 19.
    Liang, S., Du, X.: Permission-combination-based scheme for Android mobile malware detection. In: Proceedings of the IEEE ICC 2014–Mobile and Wireless Networking Symposium, pp. 2301–2306. IEEE (2014)Google Scholar
  20. 20.
    Yang, Huan, Zhang, Yuqing, Yupu, Hu, et al.: Android malware detection method based on permission sequential pattern mining algorithm. J. Commun. 34(Z1), 106–115 (2013)Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2017

Authors and Affiliations

  • Fengjun Shang
    • 1
    Email author
  • Yalin Li
    • 1
  • Xiaolin Deng
    • 1
  • Dexiang He
    • 1
  1. 1.College of Computer Science and TechnologyChongqing University of Posts and TelecommunicationsChongqingChina

Personalised recommendations