Abstract
The increasing popularity of Android apps makes them a target for malware authors. To defend against this severe increase in Android malware and help users better evaluate apps at install time, several approaches have been proposed. However, most of these solutions suffer from shortcomings: they are computationally expensive, not general, or not robust enough. In this paper, we aim to mitigate Android malware installation by providing robust and lightweight classifiers. We have conducted a thorough analysis to extract features relevant to malware behavior captured at the API level, and evaluated different classifiers using the generated feature set. Our results show that we are able to achieve an accuracy as high as 99% and a false positive rate as low as 2.2% using a KNN classifier.
Copyright information
© 2013 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Aafer, Y., Du, W., Yin, H. (2013). DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds) Security and Privacy in Communication Networks. SecureComm 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 127. Springer, Cham. https://doi.org/10.1007/978-3-319-04283-1_6
DOI: https://doi.org/10.1007/978-3-319-04283-1_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04282-4
Online ISBN: 978-3-319-04283-1
eBook Packages: Computer Science, Computer Science (R0)