SAME: An Intelligent Anti-malware Extension for Android ART Virtual Machine

  • Konstantinos DemertzisEmail author
  • Lazaros IliadisEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9330)


It is well known that cyber criminal gangs are already using advanced and especially intelligent types of Android malware, in order to overcome the out-of-band security measures. This is done in order to broaden and enhance their attacks which mainly target financial and credit foundations and their transactions. It is a fact that most applications used under the Android system are written in Java. The research described herein, proposes the development of an innovative active security system that goes beyond the limits of the existing ones. The developed system acts as an extension on the ART (Android Run Time) Virtual Machine architecture, used by the Android Lolipop 5.0 version. Its main task is the analysis and classification of the Java classes of each application. It is a flexible intelligent system with low requirements in computational resources, named Smart Anti Malware Extension (SAME). It uses the biologically inspired Biogeography-Based Optimizer (BBO) heuristic algorithm for the training of a Multi-Layer Perceptron (MLP) in order to classify the Java classes of an application as benign or malicious. SAME was run in parallel with the Particle Swarm Optimization (PSO), Ant Colony Optimization (ACO) and Genetic Algorithm (GA) and it has shown its validity.


Android malware Java Class File Analysis (JCFA) ART virtual machine Multi-Layer Perceptron (MLP) Biogeography-Based Optimizer (BBO) Bio-inspired optimization algorithms 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
  3. 3.
  4. 4.
    Scandariato, R., Walden, J.: Predicting vulnerable classes in an android application (2012)Google Scholar
  5. 5.
    Shabtai, A., Fledel, Y., Elovici, Y.: Automated static code analysis for classifying android applications using machine learning. In: Conference on CIS, pp. 329–333. IEEE (2010)Google Scholar
  6. 6.
    Chin, E., Felt, A., Greenwood, K., Wagner, D.: Analyzing inter-application communication in android. In: 9th Conf. on Mobile Systems, Applications, and Services, pp. 239–252. ACM (2011)Google Scholar
  7. 7.
    Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for android. In: 1st ACM Workshop on SPSM, pp. 15–26. ACM (2011)Google Scholar
  8. 8.
    Glodek, W., Harang, R.R.: Permissions-based detection and analysis of mobile malware using random decision forests. In: IEEE Military Communications Conference (2013)Google Scholar
  9. 9.
    Demertzis, K., Iliadis, L.: Bio-inspired hybrid intelligent method for detecting android malware. In: Proceedings of 9th KICSS 2014, Limassol, Cyprus (2014). ISBN: 978-9963-700-84-4Google Scholar
  10. 10.
    Yerima, Y.S., Sezer, S., Muttik, I.: Android malware detection using parallel machine learning classifiers. In: Proceedings of 8th NGMAST, September 10-14, 2014Google Scholar
  11. 11.
    Sanz, B., Santos, I., Laorden, C., Ugarte-Pedrero, X., Bringas, P.G., Álvarez, G.: PUMA: permission usage to detect malware in android. In: Herrero, Á., Snášel, V., Abraham, A., Zelinka, I., Baruque, B., Quintián, H., Calvo, J.L., Sedano, J., Corchado, E. (eds.) Int. Joint Conf. CISIS’12-ICEUTE’12-SOCO’12. AISC, vol. 189, pp. 289–298. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  12. 12.
    Dini, G., Martinelli, F., Saracino, A., Sgandurra, D.: MADAM: a multi-level anomaly detector for android malware. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2012. LNCS, vol. 7531, pp. 240–253. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  13. 13.
    Simon, D.: Biogeography-based optimization. IEEE TEC 12, 702–713 (2008)Google Scholar
  14. 14.
    Panchal, V.K., Singh, P., Kaur, N., Kundra, H.: Biogeography based Satellite Image Classification. Journal of Computer Science and Information Security 6(2) (2009)Google Scholar
  15. 15.
    Lohokare, M.R., Pattnaik, S.S., Devi, S., Bakwad, K.M., Jadhav, D.G.: Biogeography-Based Optimization techniquefor Block-Based Motion Estimation in Video Coding CSIO 2010 (2010)Google Scholar
  16. 16.
    Ovreiu, M., Simon, D.: Biogeography-based optimization of neuro-fuzzy system parameters for diagnosis of cardiac disease. In: Genetic and Evolutionary Computation Conference (2010)Google Scholar
  17. 17.
    Mirjalili, S., Mirjalili, S.M., Lewis, A.: Let a biogeography-based optimizer train your Multi-Layer Perceptron. Elsevier (2014).
  18. 18.
    Arp, D., Spreitzenbarth, M., Huebner, M., Gascon, H., Rieck, K.: Drebin: efficient and explainable detection of android malware in your pocket. In: 21st NDSS, February 2014Google Scholar
  19. 19.
    Spreitzenbarth, M., Echtler, F., Schreck, T., Freling, F.C., Hoffmann, J.: Mobile sandbox: looking deeper into android applications. In: 28th SAC 2013Google Scholar
  20. 20.
  21. 21.
    Hall, M., Eibe, F., Holmes, G., Pfahringer, B., Reutemann, P., Witten, H.I.: The WEKA Data Mining Software: An Update. SIGKDD Explorations 11 (2009)Google Scholar
  22. 22.
    Iliadis, L.: Intelligent Information Systems and applications in risk estimation. Stamoulis Publication, Thessaloniki (2008). ISBN 978-960-6741-33-3 AGoogle Scholar
  23. 23.
    Heaton, J.: Introduction to Neural Networks with Java, 1st edn. (2008). ISBN: 097732060XGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Democritus University of ThraceOrestiadaGreece

Personalised recommendations