Abstract
In order to protect Android users and their information, we have developed a lightweight malware detection tool for Android called Andrana. It leverages machine learning techniques and static analysis to determine, with an accuracy of 94.90%, if an application is malicious. Its analysis can be performed directly on a mobile device in less than a second and using only 12 MB of memory.
Acknowledgments
We would like to thank François Laviolette for his suggestions and Souad El Hatib for her help with the string analysis tools. This project was funded by Thales and the NSERC.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Bedford, A. et al. (2017). Andrana: Quick and Accurate Malware Detection for Android. In: Cuppens, F., Wang, L., Cuppens-Boulahia, N., Tawbi, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2016. Lecture Notes in Computer Science, vol 10128. Springer, Cham. https://doi.org/10.1007/978-3-319-51966-1_2
DOI: https://doi.org/10.1007/978-3-319-51966-1_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-51965-4
Online ISBN: 978-3-319-51966-1
eBook Packages: Computer Science (R0)