Top

Evolutionary Intelligence

Published in:

12-11-2020 | Research Paper

SOMDROID: android malware detection by artificial neural network trained using unsupervised learning

Authors: Arvind Mahindru, A. L. Sangal

Published in: Evolutionary Intelligence | Issue 1/2022

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Android has gained its popularity due to its open-source and number of freely available apps in its official play store. Appropriate functioning of Android apps depends upon the permission or set of permissions which an app demands at the time of installation and run-time. By taking the advantage of these permissions or set of permissions, cybercriminals are developing malware-infected apps daily. In this study, we proposed a framework named as “SOMDROID”, that work on the principle of unsupervised machine learning algorithm. To develop an effective and efficient Android malware detection model, we collect 5,00,000 distinct Android apps from promised repositories and extract 1844 unique features. Further, to select significant features or feature sets, we applied six different feature ranking approaches in this study. With the selected feature or feature sets, we implement the Self-Organizing Map (SOM) algorithm of Kohonen and measure four distinct performance parameters, i.e., Intra-cluster distance, Inter-cluster distance, Accuracy and F-measure. Empirical result reveals that our proposed framework is able to detect 98.7% malware that belongs to unknown families and in addition to that the detection rate is higher by 2% when compared to commercial anti-virus scanners and frameworks proposed in the literature.

previous article Dynamic kidney paired exchange using modified multiverse optimization

next article A novel approach to build accurate and diverse decision tree forest

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Available only for authorised users

https://www.bankmycell.com/blog/how-many-phones-are-in-the-world.

https://play.google.com/store?hl=en_IN.

https://www.statista.com/statistics/266210/number-of-available-applications-in-the-google-play-store/.

https://securelist.com/it-threat-evolution-q2-2019-statistics/92053/.

https://www.virustotal.com/gui/.

https://windows-defender.en.softonic.com/download.

Mahindru, Arvind (2020), “Android permissions data set, Android Malware, and benign Application Data set (consist of permissions and API calls)”, Mendeley Data, v3 http://dx.doi.org/10.17632/b4mxg7ydb7.3.

https://developer.android.com/guide/topics/permissions/overviewr.

https://towardsdatascience.com/self-organizing-maps-ff5853a118d4.

https://en.wikipedia.org/wiki/Winner-take-all_(computing).

https://en.wikipedia.org/wiki/Heat_map.

Training parameters consider to train the SOM are as follows: value of \(\alpha\) for rough training is “0.5” and for fine tuning it is “0.05”. Starting neighborhood size is “3” for rough training and “1” for fine tuning. Size of the map consider in this study is 10 x 10. Gaussian and Hexagonal are considered as neighborhood function and relation respectively for both the rough and fine tuning. Value of \(\alpha\) scheme is set to be \(inverser_t\) and epoch limit is set to be 2000 in this study.

https://en.wikipedia.org/wiki/Euclidean_distance.

For calculating Accuracy and F-measure, we use traditional methods that were available in the literature having 100% labelled data set. But, in the case of SOM, it is unlabelled data set.

Experiment was performed on only 2,00,000 Android apps, obtained on the basis of user rating .

For this experiment, the size of the Android app is less than 50 MB.

Experiment was performed on Android apps having a size less than 50 MB.

Alkhateeb EMS (2017) Dynamic malware detection using API similarity. In: 2017 IEEE international conference on computer and information technology (CIT), IEEE, pp 297–301

Allix K, Bissyandé TF, Jérome Q, Klein J, Traon YL et al (2016) Empirical assessment of machine learning-based malware detectors for android. Empir Softw Eng 21(1):183–211

Almin SB, Chatterjee M (2015) A novel approach to detect android malware. Procedia Comput Sci 45:407–417

Alzaylaee MK, Yerima SY, Sezer S (2017) Emulator vs real phone: android malware detection using machine learning. In: Proceedings of the 3rd ACM on international workshop on security and privacy analytics

Andriatsimandefitra R, Tong VVT (2015) Detection and identification of android malware based on information flow monitoring. In: 2015 IEEE 2nd international conference on cyber security and cloud computing, IEEE, pp 200–203

Azmoodeh A, Dehghantanha A, Choo KKR (2018) Robust malware detection for internet of (battlefield) things devices using deep eigenspace learning. IEEE Trans Sustain Comput 4(1):88–95

Barrera D, Kayacik HG, Oorschot PCV, Somayaji A (2010) A methodology for empirical analysis of permission-based security models and its application to android. In: Proceedings of the 17th ACM conference on computer and communications security, pp 73–84

Bläsing T, Batyuk L, Schmidt AD, Camtepe SA, Albayrak S (2010) An android application sandbox system for suspicious software detection. In: 2010 5th international conference on malicious and unwanted software, IEEE, pp 55–62

Burguera I, Zurutuza U, Nadjm-Tehrani S (2011) Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st ACM workshop on security and privacy in smartphones and mobile devices, pp 15–26

10.

Canbek G, Baykal N, Sagiroglu S (2017) Clustering and visualization of mobile application permissions for end users and malware analysts. In: 2017 5th international symposium on digital forensic and security (ISDFS), IEEE, pp 1–10

11.

Carlin D, Cowan A, O’kane P, Sezer S (2017) The effects of traditional anti-virus labels on malware detection using dynamic runtime opcodes. IEEE Access 5:17742–17752

12.

Caviglione L, Gaggero M, Lalande JF, Mazurczyk W, Urbański M (2015) Seeing the unseen: revealing mobile malware hidden communications via energy consumption and artificial intelligence. IEEE Trans Inf Forensics Secur 11(4):799–810

13.

Chen S, Xue M, Fan L, Hao S, Xu L, Zhu H, Li B (2018) Automated poisoning attacks and defenses in malware detection systems: an adversarial machine learning approach. Comput Secur 73:326–344

14.

Demontis A, Melis M, Biggio B, Maiorca D, Arp D, Rieck K, Corona I, Giacinto G, Roli F (2017) Yes, machine learning can be more secure! a case study on android malware detection. IEEE Trans Dependable Secure Comput

15.

Enck W, Gilbert P, Han S, Tendulkar V, Chun BG, Cox LP, Jung J, McDaniel P, Sheth AN (2014) Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans Comput Syst 32(2):1–29

16.

Faruki P, Ganmoor V, Laxmi V, Gaur MS, Bharmal A (2013) Androsimilar: robust statistical feature signature for android malware detection. In: Proceedings of the 6th international conference on security of information and networks, pp 152–159

17.

Faruki P, Bharmal A, Laxmi V, Ganmoor V, Gaur MS, Conti M, Rajarajan M (2014) Android security: a survey of issues, malware penetration, and defenses. IEEE Commun Surv Tutor 17(2):998–1022

18.

Fereidooni H, Conti M, Yao D, Sperduti A (2016) Anastasia: android malware detection using static analysis of applications. In: 2016 8th IFIP international conference on new technologies, mobility and security (NTMS), IEEE, pp 1–5

19.

Firdaus A, Anuar NB, Karim A, Razak MFA (2018) Discovering optimal features using static analysis and a genetic search based method for android malware detection. Front Inf Technol Electron Eng 19(6):712–736

20.

Fuchs AP, Chaudhuri A, Foster JS (2009) Scandroid: automated security certification of android applications. Manuscript, Univ of Maryland 2(3)

21.

Han W, Xue J, Wang Y, Liu Z, Kong Z (2019) Malinsight: a systematic profiling based malware detection framework. J Netw Comput Appl 125:236–250

22.

Hou S, Ye Y, Song Y, Abdulhayoglu M (2017) Hindroid: an intelligent android malware detection system based on structured heterogeneous information network. In: Proceedings of the 23rd ACM SIGKDD international conference on knowledge discovery and data mining, pp 1507–1515

23.

Huda S, Miah S, Hassan MM, Islam R, Yearwood J, Alrubaian AM, Almogren, (2017) Defending unknown attacks on cyber-physical systems by semi-supervised approach and available unlabeled data. Inf Sci 379:211–228

24.

Idrees F, Rajarajan M, Conti M, Chen TM, Rahulamathavan Y (2017) Pindroid: a novel android malware detection system using ensemble learning methods. Comput Secur 68:36–46

25.

Kantardzic M (2011) Data mining: concepts, models, methods, and algorithms. Wiley, New JerseyMATH

26.

Karbab EB, Debbabi M, Derhab A, Mouheb D (2018) Maldozer: automatic framework for android malware detection using deep learning. Digit Investig 24:S48–S59

27.

Kim T, Kang B, Rho M, Sezer S, Im EG (2018) A multimodal deep learning method for android malware detection using various features. IEEE Trans Inf Forensics Secur 14(3):773–788

28.

Kohavi R, John GH et al (1997) Wrappers for feature subset selection. Artif Intell 97(1–2):273–324MATH

29.

Kumar L, Hota C, Mahindru A, Neti LBM (2019) Android malware prediction using extreme learning machine with different kernel functions. In: Proceedings of the Asian internet engineering conference, association for computing machinery, New York, AINTEC–19, p 33–40, https://doi.org/10.1145/3340422.3343639

30.

Li J, Sun L, Yan Q, Li Z, Srisa-an W, Ye H (2018) Significant permission identification for machine-learning-based android malware detection. IEEE Trans Ind Inf 14(7):3216–3225

31.

Lindorfer M, Neugschwandtner M, Weichselbaum L, Fratantonio Y, Veen VVD, Platzer C (2014) Andrubis–1,000,000 apps later: a view on current android malware behaviors. In: 2014 third international workshop on building analysis datasets and gathering experience returns for security (BADGERS), IEEE, pp 3–17

32.

Ma Z, Ge H, Liu Y, Zhao M, Ma J (2019) A combination method for android malware detection based on control flow graphs and machine learning algorithms. IEEE Access 7:21235–21245

33.

Mahindru A, Sangal A (2019) Deepdroid: feature selection approach to detect android malware using deep learning. In: 2019 IEEE 10th international conference on software engineering and service science (ICSESS), IEEE, pp 16–19

34.

Mahindru A, Sangal A (2020a) Dldroid: feature selection based malware detection framework for android apps developed during covid-19. Int J Emerg Technol 11(3):516–525

35.

Mahindru A, Sangal A (2020b) Feature-based semi-supervised learning to detect malware from android. Automated software engineering: a deep learning-based approach. Springer, Cham, pp 93–118

36.

Mahindru A, Sangal A (2020c) Gadroid: a framework for malware detection from android by using genetic algorithm as feature selection approach. Int J Adv Sci Technol 29(5):5532–5543

37.

Mahindru A, Sangal A (2020d) Parudroid: validation of android malware detection dataset. J Cybersecur Inf Manag 3:42–52

38.

Mahindru A, Sangal A (2020e) Perbdroid: effective malware detection model developed using machine learning classification techniques. A journey towards bio-inspired techniques in software engineering. Springer, Cham, pp 103–139

39.

Mahindru A, Singh P (2017) Dynamic permissions based android malware detection using machine learning techniques. In: Proceedings of the 10th innovations in software engineering conference, pp 202–210

40.

Martín A, Menéndez HD, Camacho D (2017) Mocdroid: multi-objective evolutionary classifier for android malware detection. Soft Comput 21(24):7405–7415

41.

Martín A, Lara-Cabrera R, Camacho D (2019) Android malware detection through hybrid features fusion and ensemble classifiers: the andropytool framework and the omnidroid dataset. Inf Fusion 52:128–142

42.

Martinelli F, Mercaldo F, Saracino A (2017) Bridemaid: an hybrid tool for accurate detection of android malware. In: Proceedings of the 2017 ACM on Asia conference on computer and communications security, pp 899–901

43.

Mas’ud MZ, Sahib S, Abdollah MF, Selamat SR, Yusof R (2014) Analysis of features selection and machine learning classifier in android malware detection. In: 2014 international conference on information science and applications (ICISA), IEEE, pp 1–5

44.

McLaughlin N, del Rincon JM, Kang B, Yerima S, Miller P, Sezer S, Safaei Y, Trickel E, Zhao Z, Doupé A, et al. (2017) Deep android malware detection. In: Proceedings of the seventh ACM on conference on data and application security and privacy

45.

Milosevic N, Dehghantanha A, Choo KKR (2017) Machine learning aided android malware classification. Comput Electr Eng 61:266–274

46.

Narayanan A, Chandramohan M, Chen L, Liu Y (2018) A multi-view context-aware approach to android malware detection and malicious code localization. Empir Softw Eng 23(3):1222–1274

47.

Narudin FA, Feizollah A, Anuar NB, Gani A (2016) Evaluation of machine learning classifiers for mobile malware detection. Soft Comput 20(1):343–357

48.

Ng DV, Hwang JIG (2014) Android malware detection using the dendritic cell algorithm. In: 2014 international conference on machine learning and cybernetics, IEEE, vol 1, pp 257–262

49.

Novakovic J (2010) The impact of feature selection on the accuracy of naïve bayes classifier. In: 18th telecommunications forum TELFOR, vol 2, pp 1113–1116

50.

Plackett RL (1983) Karl Pearson and the chi-squared test. Int Stat Rev/Revue Internationale de Statistique 51:59–72MathSciNetMATH

51.

Portokalidis G, Homburg P, Anagnostakis K, Bos H (2010) Paranoid android: versatile protection for smartphones. In: Proceedings of the 26th annual computer security applications conference, pp 347–356

52.

Razmjooy N, Mousavi BS, Soleymani F (2013) A hybrid neural network imperialist competitive algorithm for skin color segmentation. Math Comput Modell 57(3–4):848–856

53.

Razmjooy N, Ramezani M, Ghadimi N (2017) Imperialist competitive algorithm-based optimization of neuro-fuzzy system parameters for automatic red-eye removal. Int J Fuzzy Syst 19(4):1144–1156

54.

Razmjooy N, Sheykhahmad FR, Ghadimi N (2018) A hybrid neural network-world cup optimization algorithm for melanoma detection. Open Med 13(1):9–16

55.

Razmjooy N, Ashourian M, Karimifard M, Estrela VV, Loschi HJ, do Nascimento D, França RP, Vishnevski M, (2020) Computer-aided diagnosis of skin cancer: a review. Curr Med Imaging 16(7):781–93

56.

Ren Z, Wu H, Ning Q, Hussain I, Chen B (2020) End-to-end malware detection for android IoT devices using deep learning. Ad Hoc Netw 101:102098

57.

Samra AAA, Yim K, Ghanem OA (2013) Analysis of clustering technique in android malware detection. In: 2013 seventh international conference on innovative mobile and internet services in ubiquitous computing, IEEE, pp 729–733

58.

Sanz B, Santos I, Laorden C, Ugarte-Pedrero X, Bringas PG, Álvarez G (2013) Puma: permission usage to detect malware in android. In: International joint conference CISIS’12-ICEUTE 12-SOCO 12 special sessions, Springer, pp 289–298

59.

Saracino A, Sgandurra D, Dini G, Martinelli F (2016) Madam: effective and efficient behavior-based android malware detection and prevention. IEEE Trans Dependable Secur Comput 15(1):83–97

60.

Shabtai A, Kanonov U, Elovici Y, Glezer C, Weiss Y (2012) “andromaly”: a behavioral malware detection framework for android devices. J Intell Inf Syst 38(1):161–190

61.

Sheen S, Anitha R, Natarajan V (2015) Android based malware detection using a multifeature collaborative decision fusion approach. Neurocomputing 151:905–912

62.

Shen F, Vecchio JD, Mohaisen A, Ko SY, Ziarek L (2018) Android malware detection using complex-flows. IEEE Trans Mobile Comput 18(6):1231–1245

63.

Shen T, Zhongyang Y, Xin Z, Mao B, Huang H (2014) Detect android malware variants using component based topology graph. In: 2014 IEEE 13th international conference on trust, security and privacy in computing and communications, IEEE, pp 406–413

64.

Tam K, Khan SJ, Fattori A, Cavallaro L (2015) Copperdroid: automatic reconstruction of android malware behaviors. In: Ndss

65.

Tang A, Sethumadhavan S, Stolfo SJ (2014) Unsupervised anomaly-based malware detection using hardware features. In: International workshop on recent advances in intrusion detection, Springer, pp 109–129

66.

Tong F, Yan Z (2017) A hybrid approach of mobile malware detection in android. J Parallel Distrib Comput 103:22–31

67.

Ultsch A (1990) Kohonen’s self organizing feature maps for exploratory data analysis. In: Proceedings of the INNC90, pp 305–308

68.

Vemparala S, Troia FD, Corrado VA, Austin TH, Stamo M (2016) Malware detection using dynamic birthmarks. In: Proceedings of the 2016 ACM on international workshop on security and privacy analytics

69.

Wang W, Zhao M, Wang J (2019) Effective android malware detection with a hybrid model based on deep autoencoder and convolutional neural network. J Ambient Intell Humaniz Comput 10(8):3035–3043

70.

Xiao L, Wang K, Teng Y, Zhang J (2003) Component plane presentation integrated self-organizing map for microarray data analysis. FEBS Lett 538(1–3):117–124

71.

Xiao X, Zhang S, Mercaldo F, Hu G, Sangaiah AK (2019) Android malware detection based on system call sequences and lstm. Multimed Tools Appl 78(4):3979–3999

72.

Xu R, Saïdi H, Anderson R (2012) Aurasium: practical policy enforcement for android applications. In: Presented as part of the 21st \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 12), pp 539–552

73.

Yerima SY, Sezer S (2018) Droidfusion: a novel multilevel classifier fusion approach for android malware detection. IEEE Trans Cybern 49(2):453–466

74.

Yerima SY, Sezer S, McWilliams G, Muttik I (2013) A new android malware detection approach using bayesian classification. In: 2013 IEEE 27th international conference on advanced information networking and applications (AINA), IEEE, pp 121–128

75.

Yerima SY, Sezer S, McWilliams G (2014) Analysis of bayesian classification-based approaches for android malware detection. IET Inf Secur 8(1):25–36

76.

Yu D, Wang Y, Liu H, Jermsittiparsert K, Razmjooy N (2019) System identification of pem fuel cells using an improved elman neural network and a new hybrid optimization algorithm. Energy Rep 5:1365–1374

77.

Yuan Z, Lu Y, Xue Y (2016) Droiddetector: android malware characterization and detection using deep learning. Tsinghua Sci Technol 21(1):114–123

78.

Zhang K, Li C, Wang Y, Zhu X, Wang H (2017) Collaborative support vector machine for malware detection. Procedia Comput Sci 108:1682–1691

79.

Zhou W, Zhou Y, Jiang X, Ning P (2012) Detecting repackaged smartphone applications in third-party android marketplaces. In: Proceedings of the second ACM conference on data and application security and privacy, pp 317–326

80.

Zhu HJ, Jiang TH, Ma B, You ZH, Shi WL, Cheng L (2018a) Hemd: a highly efficient random forest-based malware detection framework for android. Neural Comput Appl 30(11):3353–3361

81.

Zhu HJ, You ZH, Zhu ZX, Shi WL, Chen X, Cheng L (2018b) Droiddet: effective and robust detection of android malware using static analysis along with rotation forest model. Neurocomputing 272:638–646

Title: SOMDROID: android malware detection by artificial neural network trained using unsupervised learning
Authors: Arvind Mahindru
A. L. Sangal
Publication date: 12-11-2020
Publisher: Springer Berlin Heidelberg
Published in: Evolutionary Intelligence / Issue 1/2022
Print ISSN: 1864-5909
Electronic ISSN: 1864-5917
DOI: https://doi.org/10.1007/s12065-020-00518-1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 1/2022

The hybridization of ACO + GA and RVNS algorithm for solving the time-dependent traveling salesman problem

A novel method to solve visual tracking problem: hybrid algorithm of grasshopper optimization algorithm and differential evolution

Two levels approach based on multifactorial optimization to solve the clustered shortest path tree problem

A modified teaching learning metaheuristic algorithm with opposite-based learning for permutation flow-shop scheduling problem

Towards robot vision using deep neural networks in evolutionary robotics

A hybrid approach to energy efficient clustering and routing in wireless sensor networks

Premium Partner