Published in: Soft Computing 8/2020

03.01.2020 | Focus

DroidDeep: using Deep Belief Network to characterize and detect android malware

Authors: Xin Su, Weiqi Shi, Xilong Qu, Yi Zheng, Xuchong Liu

Abstract

The Android operating system and its applications (apps) are becoming increasingly popular. The characteristics of the Android platform (open source, support for third-party app markets, etc.) have also allowed Android malware to grow at an alarming pace, which poses a great threat to the platform. To address this security issue, a comprehensive and accurate detection approach is needed. Many research works pursue this goal, including code analysis and machine learning methods, but they cannot analyze large numbers of Android applications comprehensively and effectively. We propose DroidDeep, which uses a Deep Belief Network model to classify malicious Android apps. The approach first collects 11 different kinds of static behavioral characteristics from a large number of Android applications. Second, we design a Deep Belief Network algorithm to select unique behavioral characteristics from the collected static behavioral characteristics. Third, we detect zero-day malicious Android applications based on the selected behavioral characteristics. We evaluate the proposed method on a dataset that mixes benign and malicious Android applications. The laboratory results show that the proposed method achieves a higher detection accuracy (99.4%). Moreover, the approach takes 6 s on average to analyze and detect each Android application.

Metadata
Title
DroidDeep: using Deep Belief Network to characterize and detect android malware
Authors
Xin Su
Weiqi Shi
Xilong Qu
Yi Zheng
Xuchong Liu
Publication date
03.01.2020
Publisher
Springer Berlin Heidelberg
Published in
Soft Computing / Issue 8/2020
Print ISSN: 1432-7643
Electronic ISSN: 1433-7479
DOI
https://doi.org/10.1007/s00500-019-04589-w