An Investigation of the Classifiers to Detect Android Malicious Apps

  • Conference paper
Information and Communication Technology

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 625)

Abstract

Android devices are growing exponentially and are connected through the Internet, accessing billions of online websites. The popularity of these devices encourages malware developers to penetrate the market with malicious apps to annoy and disrupt the victim. Although different approaches have been discussed for the detection of malicious apps, the proposed approaches are not sufficient to detect advanced malware and limit or prevent the damage. Among these, very few approaches are based on opcode occurrence to classify malicious apps. Therefore, this paper investigates five classifiers using opcode occurrence as the prominent features for the detection of malicious apps. For the analysis, we use the WEKA tool and find that the detection accuracy of FT (~79.27%) is the best among the investigated classifiers. However, the true positive rate, i.e. the malware detection rate, is highest (~99.91%) for RF and fluctuates least with the number of prominent features compared to the other studied classifiers. The analysis shows that overall accuracy is majorly affected by the false positives of the classifier.


Acknowledgements

Mr. Ashu Sharma is thankful to BITS, Pilani, K.K. Birla Goa Campus, for the support to carry out this work through Ph.D. scholarship No. Ph603226/Jul. 2012/01.

Author information

Corresponding author

Correspondence to Sanjay Kumar Sahay.

Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Sharma, A., Sahay, S.K. (2018). An Investigation of the Classifiers to Detect Android Malicious Apps. In: Mishra, D., Azar, A., Joshi, A. (eds) Information and Communication Technology. Advances in Intelligent Systems and Computing, vol 625. Springer, Singapore. https://doi.org/10.1007/978-981-10-5508-9_20

  • DOI: https://doi.org/10.1007/978-981-10-5508-9_20

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-5507-2

  • Online ISBN: 978-981-10-5508-9

  • eBook Packages: Engineering, Engineering (R0)
