Published in: Annals of Telecommunications 9-10/2017

13.05.2017

An android malware dynamic detection method based on service call co-occurrence matrices

Authors: Chundong Wang, Zhiyuan Li, Xiuliang Mo, Hong Yang, Yi Zhao


Abstract

With the market share of Android mobile devices increasing, Android has come to dominate the smartphone operating system market. It also draws the attention of malware authors and researchers, and the number of Android malicious applications is constantly increasing. However, because static detection is limited by code obfuscation and dynamic loading, current research on Android malicious code detection needs deeper study of dynamic detection. In this paper, a new Android malware identification method is proposed. This method extracts features from Android system service call sequences by using a co-occurrence matrix, then uses a machine-learning algorithm to classify the feature sequence and to verify whether this feature sequence can expose Android malware behaviors or not. Using 750 malware samples and 1000 benign samples, this paper designs an experiment to evaluate the method. The results show that, based on the system service call co-occurrence matrix, this method achieves a high detection precision rate (97.1%) in the best case and a low false-positive rate (2.1%) in the worst case.


Metadata
Title
An android malware dynamic detection method based on service call co-occurrence matrices
Authors
Chundong Wang
Zhiyuan Li
Xiuliang Mo
Hong Yang
Yi Zhao
Publication date
13.05.2017
Publisher
Springer Paris
Published in
Annals of Telecommunications / Issue 9-10/2017
Print ISSN: 0003-4347
Electronic ISSN: 1958-9395
DOI
https://doi.org/10.1007/s12243-017-0580-9