YANG Jiyun, TANG Jiang, YAN Ran, XIANG Tao. Android Malware Detection Method Based on Permission Complement and API Calls[J]. Chinese Journal of Electronics. doi: 10.1049/cje.2020.00.217

Android Malware Detection Method Based on Permission Complement and API Calls

doi: 10.1049/cje.2020.00.217
  • Author Bio:

    received the B.S., M.S. and Ph.D. degrees in computer science from Chongqing University, China, in 2000, 2003, and 2008, respectively. He is currently a Professor of the College of Computer Science at Chongqing University. Dr. Yang’s research interests include cryptanalysis, Android malware and machine learning.

    received the BSc degree in computer science from Chongqing University of Education, China, in 2017. He is currently pursuing the MS degree in the College of Computer Science, Chongqing University, China. His current research interests include Android security and static program analysis.

    received the BSc and MS degrees in computer science from Chongqing University, China, in 2016 and 2019, respectively. Her research interests include machine learning and dynamic program analysis.

    received the B.S., M.S. and Ph.D. degrees in computer science from Chongqing University, Chongqing, China, in 2003, 2005, and 2008, respectively. He is currently a Professor with the College of Computer Science, Chongqing University. He has published over 90 papers in international journals and conferences. He has also served as a referee for numerous international journals and conferences. His research interests include multimedia security, cloud security, data privacy, and cryptography.

  • Accepted Date: 2021-12-09
  • Available Online: 2022-01-07
  • The dynamic code loading mechanism of the Android system allows an application to load external executable files at runtime. This mechanism makes application development more convenient, but it also brings security issues. Applications that use dynamic code loading to hide malicious behavior in an external file are becoming a new challenge for Android malware detection. To overcome this challenge, three types of threat models based on dynamic code loading mechanisms are defined: model I, model II, and model III. For model I malware, the malicious behavior occurs in DexCode, so API classes are used to characterize the behavior of the DexCode file. For model II and model III malware, whose malicious behavior occurs in an external file, the permission complement is defined to characterize the behavior of the external file. Based on permission complement and API calls, an Android malicious application detection method is proposed, whose feature sets are constructed by improving a feature selection method. Five datasets containing 15,581 samples are used to evaluate the performance of the proposed method. The experimental results show that our detection method achieves an accuracy of 99.885% on the general dataset and performs the best on all evaluation metrics on all datasets among all compared methods.
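A sketch of the two feature families named in the abstract, added here as an illustration and not taken from the paper or its code. It assumes the permission complement is the set of manifest-declared permissions that no API call in the app's own DexCode accounts for; the API-to-permission excerpt, the vocabularies and both sample apps are constructed.

```python
# Added illustration, not the paper's code. Assumption: the permission
# complement is the set of permissions declared in the manifest that no API
# call found in the app's own DexCode accounts for.

# Constructed excerpt of an API -> permission map; a real extractor would use
# a complete mapping for the target Android API level.
API_PERMISSION = {
    "android.telephony.SmsManager.sendTextMessage": "android.permission.SEND_SMS",
    "android.telephony.TelephonyManager.getDeviceId": "android.permission.READ_PHONE_STATE",
    "android.location.LocationManager.getLastKnownLocation": "android.permission.ACCESS_FINE_LOCATION",
    "android.hardware.Camera.open": "android.permission.CAMERA",
}

def api_classes(dex_api_calls):
    """Class part of each fully qualified method name found in DexCode."""
    return {call.rsplit(".", 1)[0] for call in dex_api_calls}

def permission_complement(declared, dex_api_calls):
    """Declared permissions that no DexCode API call accounts for."""
    used = {API_PERMISSION[c] for c in dex_api_calls if c in API_PERMISSION}
    return set(declared) - used

def feature_vector(declared, dex_api_calls, class_vocab, perm_vocab):
    """Binary vector: API-class features, then permission-complement features."""
    classes = api_classes(dex_api_calls)
    complement = permission_complement(declared, dex_api_calls)
    return ([int(c in classes) for c in class_vocab]
            + [int(p in complement) for p in perm_vocab])

# Constructed vocabularies and samples (hypothetical apps).
CLASS_VOCAB = ["android.telephony.SmsManager", "dalvik.system.DexClassLoader"]
PERM_VOCAB = ["android.permission.SEND_SMS", "android.permission.READ_PHONE_STATE"]
SELF_CONTAINED = {  # behaviour lives in DexCode
    "declared": ["android.permission.SEND_SMS"],
    "calls": ["android.telephony.SmsManager.sendTextMessage"],
}
LOADER = {  # DexCode only loads external code; permissions are unexplained
    "declared": ["android.permission.SEND_SMS", "android.permission.READ_PHONE_STATE"],
    "calls": ["dalvik.system.DexClassLoader.<init>"],
}

if __name__ == "__main__":
    for name, app in (("self-contained", SELF_CONTAINED), ("loader", LOADER)):
        print(name, feature_vector(app["declared"], app["calls"], CLASS_VOCAB, PERM_VOCAB))
```

In the loader sample the DexCode explains none of the declared permissions, so both fall into the complement, the signal the abstract associates with behavior carried in an external file.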

    Figures(9)  / Tables(8)
