Mobile App and Malware Classifications by Mobile Usage with Time Dynamics

  • Yong ZhengEmail author
  • Sridhar Srinivasan
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 926)


Smartphones have become a popular target for cyberattacks. Malware can be embedded into the mobile applications. Several techniques have been proposed to alleviate these problems. However, these solutions may perform experiments by using simulated data, or may require root system privileges, or did not take advantage of the discovered patterns to build more effective malware detection methods. In this paper, we use the SherLock data which is a labeled smartphone dataset that captures ongoing attacks within the low-privileged monitorable features. We analyze the usage behaviors, discover temporal and usage patterns, and further examine multiple classification techniques to predict the type and the running state (i.e., benign and malicious) of the mobile apps by using different combinations of feature sets. Our experiments identified the best feature sets and methods to detect malwares, and we demonstrate the usefulness of temporal information in the predictive analysis.


  1. 1.
    Amos, B., Turner, H., White, J.: Applying machine learning classifiers to dynamic Android malware detection at scale. In: 2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC, pp. 1666–1671. IEEE (2013)Google Scholar
  2. 2.
    Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for Android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 15–26. ACM (2011)Google Scholar
  3. 3.
    Chang, S.-W., Cheng, S.-W., Hsiu, P.-C., Kuo, T.-W., Lin, C.-W.: Application behavior analysis in resource consumption for mobile devices. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 1469–1474. ACM (2014)Google Scholar
  4. 4.
    Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)CrossRefGoogle Scholar
  5. 5.
    Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, p. 3. ACM (2012)Google Scholar
  6. 6.
    Guo, Y., Gu, S.: Multi-label classification using conditional dependency networks. In: IJCAI Proceedings, vol. 22, p. 1300 (2011)Google Scholar
  7. 7.
    Idika, N., Mathur, A.P.: A survey of malware detection techniques, p. 48. Purdue University (2007)Google Scholar
  8. 8.
    Jiang, X., Zhou, Y.: Dissecting Android malware: characterization and evolution. In: 2012 IEEE Symposium on Security and Privacy, pp. 95–109. IEEE (2012)Google Scholar
  9. 9.
    Kolosnjaji, B., Zarras, A., Webster, G., Eckert, C.: Deep learning for classification of malware system call sequences. In: Australasian Joint Conference on Artificial Intelligence, pp. 137–149. Springer (2016)Google Scholar
  10. 10.
    Mirsky, Y., Shabtai, A., Rokach, L., Shapira, B., Elovici, Y.: Sherlock vs moriarty: a smartphone dataset for cybersecurity research. In: Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security, pp. 1–12. ACM (2016)Google Scholar
  11. 11.
    Narudin, F.A., Feizollah, A., Anuar, N.B., Gani, A.: Evaluation of machine learning classifiers for mobile malware detection. Soft Comput. 20(1), 343–357 (2016)CrossRefGoogle Scholar
  12. 12.
    Nix, R., Zhang, J.: Classification of Android apps and malware using deep neural networks. In: International Joint Conference on Neural Networks, pp. 1871–1878. IEEE (2017)Google Scholar
  13. 13.
    Read, J., Pfahringer, B., Holmes, G., Frank, E.: Classifier chains for multi-label classification. In: Joint European Conference on Machine Learning and Knowledge Discovery in Databases, pp. 254–269. Springer (2009)Google Scholar
  14. 14.
    Shamili, A.S., Bauckhage, C., Alpcan, T.: Malware detection on mobile devices using distributed machine learning. In: 2010 20th International Conference on Pattern Recognition, ICPR, pp. 4348–4351. IEEE (2010)Google Scholar
  15. 15.
    Shen, Y., Evans, N., Benameur, A.: Insights into rooted and non-rooted Android mobile devices with behavior analytics. In: Proceedings of the 31st Annual ACM Symposium on Applied Computing, pp. 580–587. ACM (2016)Google Scholar
  16. 16.
    Shin, C., Hong, J.-H., Dey, A.K.: Understanding and prediction of mobile application usage for smart phones. In: Proceedings of the 2012 ACM Conference on Ubiquitous Computing, pp. 173–182. ACM (2012)Google Scholar
  17. 17.
    Tang, L.-Y., Hsiu, P.-C., Huang, J.-L., Chen, M.-S.: iLauncher: an intelligent launcher for mobile apps based on individual usage patterns. In: Proceedings of the 28th Annual ACM Symposium on Applied Computing, pp. 505–512. ACM (2013)Google Scholar
  18. 18.
    Tsoumakas, G., Katakis, I.: Multi-label classification: an overview. Int. J. Data Warehous. Min. (IJDWM) 3(3), 1–13 (2007)CrossRefGoogle Scholar
  19. 19.
    Zheng, Y., Srinivasan, S., Taehun, K.: Exploratory malware analysis of mobile usages. In: Proceedings of the 19th Annual SIG Conference on Information Technology Education, pp. 158–158. ACM (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Illinois Institute of TechnologyChicagoUSA

Personalised recommendations