Skip to main content
SpringerLink
Log in
Book cover

International Conference on Algorithms and Architectures for Parallel Processing

ICA3PP 2018: Algorithms and Architectures for Parallel Processing pp 166–177Cite as

MulAV: Multilevel and Explainable Detection of Android Malware with Data Fusion

  • 1938 Accesses

Part of the Lecture Notes in Computer Science book series (LNTCS,volume 11337)

Abstract

With the popularization of smartphones, the number of mobile applications has grown substantially. However, many malware are emerging and thus pose a serious threat to the user’s mobile phones. Malware detection has become a public concern that requires urgent resolution. In this paper, we propose MulAV, a multilevel and explainable detection method with data fusion. Our method obtain information from multiple levels (the APP source code, network traffic, and geospatial information) and combine it with machine learning method to train a model which can identify mobile malware with high accuracy and few false alarms. Experimental result shows that MulAV outperforms other anti-virus scanners and methods and achieves a detection rate of 97.8% with 0.4% false alarms. Furthermore, for the benefit of users, MulAV displays the explanation for each detection, thus revealing relevant properties of the detected malware.

Keywords

  • Android malware detection
  • Data fusion
  • Multilevel
  • Result explanation

Supported by the National Natural Science Foundation of China under Grants No. 61672262, No. 61573166 and No. 61572230, the Shandong Provincial Key R&D Program under Grant No. 2016GGX101001, No. 2016GGX101008, No. 2018CXGC0706 and No. 2016ZDJS01A09, the TaiShan Industrial Experts Programme of Shandong Province under Grants No. tscy20150305, CERNET Next Generation Internet Technology Innovation Project under Grant No. NGII20160404.

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Geoip. https://dev.maxmind.com/zh-hans/geoip/legacy/geolite/

  2. Mobile-security-framework. https://github.com/MobSF/Mobile-Security-Framework-MobSF

  3. Virusshare. https://virusshare.com/

  4. Virustotal. https://www.virustotal.com/

  5. Number of available applications in the google play store. Technical report. https://www.statista.com/statistics/266210/number-of-available-applications-in-the-google-play-store (2017)

  6. Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., Siemens, C.: DREBIN: effective and explainable detection of android malware in your pocket. In: Ndss, vol. 14, pp. 23–26 (2014)

    Google Scholar 

  7. Cao, D., et al.: Droidcollector: a high performance framework for high quality android traffic collection. In: 2016 IEEE Trustcom/BigDataSE/ISPA, pp. 1753–1758. IEEE (2016)

    Google Scholar 

  8. Chakraborty, T., Pierazzi, F., Subrahmanian, V.: EC2: ensemble clustering and classification for predicting android malware families. IEEE Trans. Dependable Secur. Comput., 1 (2017)

    Google Scholar 

  9. Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)

    CrossRef  Google Scholar 

  10. Hypponen, M.: Malware goes mobile. Sci. Am. 295(5), 70–77 (2006)

    CrossRef  Google Scholar 

  11. Narudin, F.A., Feizollah, A., Anuar, N.B., Gani, A.: Evaluation of machine learning classifiers for mobile malware detection. Soft Comput. 20(1), 343–357 (2016)

    CrossRef  Google Scholar 

  12. Octeau, D., et al.: Combining static analysis with probabilistic models to enable market-scale android inter-component analysis. In: ACM SIGPLAN Notices, vol. 51, pp. 469–484. ACM (2016)

    CrossRef  Google Scholar 

  13. Saracino, A., Sgandurra, D., Dini, G., Martinelli, F.: MADAM: effective and efficient behavior-based android malware detection and prevention. IEEE Trans. Dependable Secur. Comput. 15, 83–97 (2016)

    CrossRef  Google Scholar 

  14. Spreitzenbarth, M., Schreck, T., Echtler, F., Arp, D., Hoffmann, J.: Mobile-Sandbox: combining static and dynamic analysis with machine-learning techniques. Int. J. Inf. Secur. 14(2), 141–153 (2015)

    CrossRef  Google Scholar 

  15. Suarez-Tangil, G., Dash, S.K., Ahmadi, M., Kinder, J., Giacinto, G., Cavallaro, L.: DroidSieve: fast and accurate classification of obfuscated android malware. In: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, pp. 309–320. ACM (2017)

    Google Scholar 

  16. Tong, F., Yan, Z.: A hybrid approach of mobile malware detection in android. J. Parallel Distrib. Comput. 103, 22–31 (2017)

    CrossRef  Google Scholar 

  17. Wang, S., et al.: TrafficAV: an effective and explainable detection of mobile malware behavior using network traffic. In: 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS), pp. 1–6. IEEE (2016)

    Google Scholar 

  18. Wong, M.Y., Lie, D.: IntelliDroid: a targeted input generator for the dynamic analysis of android malware. In: NDSS, vol. 16, pp. 21–24 (2016)

    Google Scholar 

  19. Zhang, J.: Research of Android application security. Ph.D. thesis, Beijing University of Posts and Telecommunications (2013)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Information Science and Engineering, University of Jinan, Jinan, 250022, Shandong, China

    Qun Li, Zhenxiang Chen, Shanshan Wang & Kun Ma

  2. Shandong Provincial Key Laboratory of Network Based Intelligent Computing, Jinan, 250022, Shandong, China

    Qun Li, Zhenxiang Chen, Shanshan Wang & Kun Ma

  3. University of Nebraska Lincoln, Lincoln, NE, 68588, USA

    Qiben Yan

  4. Shandong University, Jinan, 250101, Shandong, China

    Yuliang Shi & Lizhen Cui

Authors
  1. Qun Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhenxiang Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Qiben Yan
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Shanshan Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Kun Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Yuliang Shi
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Lizhen Cui
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zhenxiang Chen .

Editor information

Editors and Affiliations

  1. Rutgers University, Newark, NJ, USA

    Jaideep Vaidya

  2. Guangzhou University, Guangzhou, China

    Jin Li

Rights and permissions

Reprints and Permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Li, Q. et al. (2018). MulAV: Multilevel and Explainable Detection of Android Malware with Data Fusion. In: Vaidya, J., Li, J. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2018. Lecture Notes in Computer Science(), vol 11337. Springer, Cham. https://doi.org/10.1007/978-3-030-05063-4_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-05063-4_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05062-7

  • Online ISBN: 978-3-030-05063-4

  • eBook Packages: Computer ScienceComputer Science (R0)

search

Navigation