Computer Science, 2019, Vol. 46, Issue (2): 95-101. doi: 10.11896/j.issn.1002-137X.2019.02.015

• Information Security •

Android Malware Detection with Multi-dimensional Sensitive Features

XIE Nian-nian¹, ZENG Fan-ping¹˒², ZHOU Ming-song¹, QIN Xiao-xia¹, LV Cheng-cheng¹, CHEN Zhao¹

  1. School of Computer Science and Technology, University of Science and Technology of China, Hefei 230026, China
  2. Anhui Province Key Lab of Software in Computing and Communication, Hefei 230026, China
  • Received: 2018-01-18 Online: 2019-02-25 Published: 2019-02-25

Abstract: The behavior semantics of applications play a key role in Android malware detection. To distinguish the behavior semantics of applications, this paper presents suitable features and a method for Android malware detection. It first defines the generalized-sensitive API, and emphasizes considering whether the trigger point of a generalized-sensitive API is UI-related, in combination with the really-used permissions. The approach abstracts the generalized-sensitive APIs and their trigger points as the semantic feature, extracts the really-used permissions as the syntax feature, and then uses a machine learning-based classification method to automatically detect whether an application is benign or malicious. Comparative experiments were conducted on 13226 samples. The experimental results show that the proposed approach costs little time, that the feature set is reasonable, and that it achieves good classification results. After comparing several machine learning-based techniques, Random Forest was chosen as the classification method; the results demonstrate that accuracy reaches 96.5%, AUC reaches 0.99, and the classification precision for malware reaches 98.8%.

Key words: Android malware detection, Machine learning, Semantic feature, Static analysis, Syntax feature

CLC Number: TP311
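
The feature extraction outlined in the abstract can be sketched as follows. This is an added example, not the paper's code. The API-to-permission map, the set of UI callback names, the reading of "really-used" as "declared and required by a reachable sensitive API", and the sample call graph are all assumptions made for illustration.

```python
from collections import deque

# Assumed API-to-permission map and UI callback names (illustrative, not the paper's lists).
API_PERMISSION = {
    "LocationManager.getLastKnownLocation": "ACCESS_FINE_LOCATION",
    "SmsManager.sendTextMessage": "SEND_SMS",
    "TelephonyManager.getDeviceId": "READ_PHONE_STATE",
}
UI_CALLBACKS = {"onClick", "onLongClick", "onTouch", "onItemClick"}

def extract_features(call_graph, entry_points, declared):
    """Walk the call graph from each entry point; return the semantic feature set
    {(sensitive_api, 'ui'|'non_ui')} and the set of really-used permissions."""
    semantic, used = set(), set()
    for entry in entry_points:
        kind = "ui" if entry.rsplit(".", 1)[-1] in UI_CALLBACKS else "non_ui"
        seen, queue = {entry}, deque([entry])
        while queue:
            for callee in call_graph.get(queue.popleft(), ()):
                if callee in API_PERMISSION:
                    semantic.add((callee, kind))
                    # Count a permission only if declared AND an API needing it is reachable.
                    if API_PERMISSION[callee] in declared:
                        used.add(API_PERMISSION[callee])
                elif callee not in seen:
                    seen.add(callee)
                    queue.append(callee)
    return semantic, used

def to_vector(semantic, used):
    """Fixed-order 0/1 vector, the kind of input a Random Forest classifier takes."""
    cols = [(api, kind) for api in sorted(API_PERMISSION) for kind in ("ui", "non_ui")]
    perms = sorted(set(API_PERMISSION.values()))
    return [int(c in semantic) for c in cols] + [int(p in used) for p in perms]

# Constructed sample app: SMS is sent from a button click and from a boot receiver.
SAMPLE_GRAPH = {
    "MainActivity.onClick": ["Util.send"],
    "BootReceiver.onReceive": ["Util.collect", "Util.send"],
    "Util.send": ["SmsManager.sendTextMessage"],
    "Util.collect": ["TelephonyManager.getDeviceId", "Util.collect"],
}
SAMPLE_ENTRIES = ["MainActivity.onClick", "BootReceiver.onReceive"]
SAMPLE_DECLARED = {"SEND_SMS", "READ_PHONE_STATE", "CAMERA"}

if __name__ == "__main__":
    sem, used = extract_features(SAMPLE_GRAPH, SAMPLE_ENTRIES, SAMPLE_DECLARED)
    print(sorted(sem), sorted(used), to_vector(sem, used))
```

In the sample, the same SMS API yields two distinct features, one triggered from the UI and one triggered without user interaction, and the declared but unreached CAMERA permission does not count as really used.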