2018 | OriginalPaper | Chapter

SAFEDroid: Using Structural Features for Detecting Android Malwares

Authors: Sevil Sen, Ahmet I. Aysan, John A. Clark

Published in: Security and Privacy in Communication Networks

Publisher: Springer International Publishing

Abstract

Mobile devices have become a popular target for attackers, whose aims are to harm the devices, illegally obtain personal information and ultimately to reap financial benefit. In order to detect such malicious attempts, security solutions based on static analysis are mainly preferred due to the resource constraints of these devices. However, in general, static analysis-based solutions are not very effective against new mobile malware, and new variants of existing mobile malware appear on a daily basis. In this study, new features for static analysis are investigated in order to detect mobile malware. While studies found in the literature mostly employ API calls and permissions, this study explores some novel structural features. Results show the relative effectiveness of these features on malware detection. Furthermore, it is shown that these features detect new malware better than solely applying API-based features.

Metadata

Title: SAFEDroid: Using Structural Features for Detecting Android Malwares
Authors: Sevil Sen, Ahmet I. Aysan, John A. Clark
Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-78816-6_18
