MADAM: A Multi-level Anomaly Detector for Android Malware

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7531)


Currently, in the smartphone market, Android is the platform with the highest share. Due to this popularity and also to its open source nature, Android-based smartphones are now an ideal target for attackers. Since the number of malware designed for Android devices is increasing fast, Android users are looking for security solutions aimed at preventing malicious actions from damaging their smartphones.

In this paper, we describe MADAM, a Multi-level Anomaly Detector for Android Malware. MADAM concurrently monitors Android at the kernel-level and user-level to detect real malware infections using machine learning techniques to distinguish between standard behaviors and malicious ones. The first prototype of MADAM is able to detect several real malware found in the wild. The device usability is not affected by MADAM due to the low number of false positives generated after the learning phase.


Intrusion detection Android Security Classification 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Juniper Networks: 2011 Mobile Threats Report (February 2012)Google Scholar
  2. 2.
    Burguera, I., U.Z., Nadijm-Tehrani, S.: Crowdroid: Behavior-Based Malware Detection System for Android. In: SPSM 2011. ACM (October 2011)Google Scholar
  3. 3.
    Mutz, D., Valeur, F., Vigna, G.: Anomalous System Call Detection. ACM Transactions on Information and System Security 9(1), 61–93 (2006)CrossRefGoogle Scholar
  4. 4.
    Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C., Weiss, Y.: Andromaly: a behavioral malware detection framework for android devices. Journal of Intelligent Information Systems 38(1), 161–190 (2011)CrossRefGoogle Scholar
  5. 5.
    Damopoulos, D., Menesidou, S.A., Kambourakis, G., Papadaki, M., Clarke, N., Gritzalis, S.: Evaluation of Anomaly-Based IDS for Mobile Devices Using Machine Learning Classifiers. Security and Communications Networks 5(00), 1–9 (2011)Google Scholar
  6. 6.
    Bose, A., Shin, K.G.: Proactive Security For Mobile Messaging Networks. In: WiSe 2006 (September 2006)Google Scholar
  7. 7.
    Jacoby, G.A., Marchany, R., Davis IV, N.J.: How Mobile Host Batteries Can Improve Network Security. IEEE Security and Privacy 4, 40–49 (2006)Google Scholar
  8. 8.
    Schmidt, A.-D., Peters, F., Lamour, F., Scheel, C., Çamtepe, S.A., Albayrak, S.: Monitoring smartphones for anomaly detection. Mob. Netw. Appl. 14(1), 92–106 (2009)CrossRefGoogle Scholar
  9. 9.
    Xie, L., Zhang, X., Seifert, J.-P., Zhu, S.: pBMDS: a behavior-based malware detection system for cellphone devices. In: Proceedings of the Third ACM Conference on Wireless Network Security, WISEC 2010, Hoboken, New Jersey, USA, March 22-24, pp. 37–48. ACM (2010)Google Scholar
  10. 10.
    Bose, A., Shin, K.G.: Proactive security for mobile messaging networks. In: WiSe 2006: Proceedings of the 5th ACM Workshop on Wireless Security, New York, NY, USA, pp. 95–104. ACM (2006)Google Scholar
  11. 11.
    Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: CCS 2009: Proceedings of the 16th ACM Conference on Computer and Communications Security, New York, NY, USA, pp. 235–245. ACM (2009)Google Scholar
  12. 12.
    Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P.: Semantically Rich Application-Centric Security in Android. In: Annual Computer Security Applications Conference, ACSAC 2009. pp. 340–349 (December 2009)Google Scholar
  13. 13.
    Schmidt, A.-D., Bye, R., Schmidt, H.-G., Clausen, J.H., Kiraz, O., Yüksel, K.A., Çamtepe, S.A., Albayrak, S.: Static Analysis of Executables for Collaborative Malware Detection on Android. In: Proceedings of IEEE International Conference on Communications, ICC 2009, Dresden, Germany, June 14-18, pp. 1–5. IEEE (2009)Google Scholar
  14. 14.
    La Polla, M., Martinelli, F., Sgandurra, D.: A survey on security for mobile devices. IEEE Communications Surveys Tutorials (99), 1–26 (2012)Google Scholar
  15. 15.
    Kwak, N., Choi, C.H.: Input Feature Selection for Classification Problems. IEEE Transactions on Neural Networks 13(1), 143–159 (2002)CrossRefGoogle Scholar
  16. 16.
    Falaki, H., Mahajan, R., Kandula, S., Lymberopoulos, D., Govindan, R., Estrin, D.: Diversity in Smartphone Usage. In: MobiSys 2010. ACM (June 2010)Google Scholar
  17. 17.
    Cover, T.M., Hart, P.E.: Nearest Neighbor Pattern Classification. IEEE Transactions on Information Theory IT-13(1), 21–27 (1967)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  1. 1.Dipartimento di Ingegneria dell’InformazioneUniversità di PisaPisaItaly
  2. 2.Istituto di Informatica e TelematicaConsiglio Nazionale delle RicerchePisaItaly

Personalised recommendations