LI Jian, WANG Zheng, WANG Tao, TANG Jinghao, YANG Yuguang, ZHOU Yihua. An Android Malware Detection System Based on Feature Fusion[J]. Chinese Journal of Electronics, 2018, 27(6): 1206-1213. doi: 10.1049/cje.2018.09.008
Citation: LI Jian, WANG Zheng, WANG Tao, TANG Jinghao, YANG Yuguang, ZHOU Yihua. An Android Malware Detection System Based on Feature Fusion[J]. Chinese Journal of Electronics, 2018, 27(6): 1206-1213. doi: 10.1049/cje.2018.09.008

An Android Malware Detection System Based on Feature Fusion

doi: 10.1049/cje.2018.09.008
Funds:  This work is supported by the National Natural Science Foundation of China (No.61472048, No.61572053) and the Beijing Natural Science Foundation (No.4152038, No.4162005).
More Information
  • Corresponding author: WANG Zheng (corresponding author) is a M.S. candidate in the School of Computer at the Beijing University of Posts and Telecommunications, China. His research interests include machine learning, data mining, intelligent network security. (Email:wangzheng@bupt.edu.cn)
  • Received Date: 2016-04-18
  • Rev Recd Date: 2016-08-30
  • Publish Date: 2018-11-10
  • In order to improve the detection efficiency of Android malicious application, an Android malware detection system based on feature fusion is proposed on three levels. Feature fusion especially emphasizes on ten categories, which combines static and dynamic features and includes 377 features for classification. In order to improve the accuracy of malware detection, attribute subset selection and principle component analysis are used to reduce the dimensionality of fusion features. Random forest is used for classification. In the experiment, the dataset includes 43,822 benign applications and 8,454 malicious applications. The method can achieve 99.4% detection accuracy and 0.6% false positive rate. The experimental results show that the detection method can improve the malware detection efficiency in Android platform.
  • loading
  • Egham, “Gartner says worldwide smartphone sales grew 9.7 percent in fourth quarter of 2015”, http://www.gartner.com/newsroom/id/3215217,2016-2-18.
    S. Erika, “Lookout's app genome project finds the android market is outpacing apple app store in growth of apps by 3x”, http://www.businesswire.com/news/home/201102160056-02/en/Lookout%E2%80%99s-App-Genome-Project-FindsAndroid-Market, 2011-2-16.
    Baidu, “Mobile Internet Trends Q2”, http://developer.baidu.com/static/assets/reportpdf/%E7%99%BE%E5%BA%A6%E-7%A7%BB%E5%8A%A8%E8%B6%8B%E5%8A%BF%E6%8-A%A5%E5%91%8A2014Q2.pdf, 2014-8.
    T. Connor and W. Ryszard, “A tool for reverse engineering Android apk files”, https://ibotpeaches.github.io/Apktool/,2016-8-7.
    360 Internet Security Center, “2016 China mobile security report”, http://zt.360.cn/1101061855.php?dtid=1101061451&did=3701370185,2016-07-29.
    H. Zhang, J.L. Wu, J.J. Tang, et al., “NeighborWatcher: Detecting piggybacked smartphone applications with their family members”, Chinese Journal of Electronics, Vol.42, No.8, pp.1642-1646, 2014. (in Chinese).
    W. Enck, P. Gilbert, B.G. Chun, et al., “Taintdroid: An information flow tracking system for real-time privacy monitoring on smartphones”, Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, USENIX Association Berkeley, CA, USA, pp.393-407, 2010.
    W. Enck, D. Octeau, P. McDaniel, et al., “A study of Android application security”, Proceedings of the 20th USENIX Conference on Security, USENIX Association Berkeley, CA, USA, pp.21-21, 2011-8.
    W. Enck, M. Ongtang and P. McDaniel., “On lightweight mobile phone application certification”, Proceedings of the 16th ACM Conference on Computer and Communications Security, New York, NY, USA, pp.235-245, 2009.
    A.P. Felt, E. Chin, S. Hanna, et al., “Android permissions demystified”, Proceedings of the 18th ACM Conference on Computer and Communications Security, New York, NY, USA, pp.627-638, 2011.
    M. Grace, Y.J. Zhou, Q. Zhang, et al., “Riskranker: Scalable and accurate zero-day android malware detection”, Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, New York, NY, USA, pp.281-294, 2012.
    Y.J. Zhou, Z Wang, W Zhou, et al., “Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets”, Proc. of Network and Distributed System Security Symposium (NDSS), 2012.
    L.K. Yan and H. Yin, “DroidScope: Seamlessly reconstructing the OS and Dalvik semantic views for dynamic android Malware analysis”, Proc. of USENIX Security Symposium, 2012.
    H. Peng, C. Gates, B. Sarma, et al., “Using probabilistic generative models for ranking risks of android apps”, Proceedings of the 2012 ACM Conference on Computer and Communications Security, New York, NY, USA, pp.241-252, 2012.
    I. Burguera, U. Zurutuza and S. Nadjm-Tehrani, “Crowdroid: Behavior-based malware detection system for android”, Proc. of ACM Worksgop on Security and Privacy in Smartphones and Mobile Devices (SPSM), pp.15-26, 2011.
    D.J. Wu, C.H. Mao, T.E. Wei, et al., “Droidmat: Android malware detection through manifest and API calls tracing”, Information Security (Asia JCIS), 2012 Seventh Asia Joint Conference on, Tokyo, pp.62-69, 2012.
    H. Gascon, F. Yamaguchi, D. Arp, et al., “Structural detection of android malware using embedded call graphs”, Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security, New York, NY, USA, pp.45-54, 2013.
    S. Chakradeo, B. Reaves, P. Traynor, et al., “Triage for marketscale mobile malware analysis”, Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks, New York, NY, USA, pp.13-24, 2013.
    Y. Aafer, W. Du and H. Yin, “DroidAPIMiner: Mining APIlevel features for robust malware detection in android”, International Conference on Security and Privacy in Communication Systems, Sydney, NSW, Australia, pp.86-103, 2013.
    B.P. Sarma, N. Li, C. Gates, et al., “Android permissions: A perspective combining risks and benefits”, Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, New York, NY, USA, pp.13-22, 2012.
    X. Jiang. “Security alert: New droidkungfu variant”, https://www.csc.ncsu.edu/faculty/jiang/DroidKungFu3/, 2011-8-17.
    D. Arp, M. Spreitzenbarth, M. Hubner, et al., “DREBIN: Effective and explainable detection of android malware in your pocket”, NDSS Symposium 2014, 2014.
    Z. Fu, G. Lu, K.M. Ting, et al., “Learning naive bayes classifiers for music classification and retrieval”, Proc. of IEEE Conference Publications, pp.4589-4592, 2010.
    W. Sun, Y. Yang and Y. Li, “Learning Bayesian network classifier based on dependency analysis and hypothesis testing”, 5th International Conference on Intelligent Human-Machine Systems and Cybernetics (IHMSC ), Vol.1, pp.406-409, 2013.
    P. Geurts, D. Ernst and L. Wehenkel, “Extremely randomized trees”, Machine Learning, Vol.63, No.1, pp.3-42, 2006.
    T. Hastie, R. Tibshirani and J. Friedman, Elements of Statistical Learning, Springer, 2009.
    L. Wang, L. Khan and B. Thuraisingham, “An effective evidence theory based K-nearest neighbor (KNN) classification”, Web Intelligence and Intelligent Agent Technology, 2008, WⅡAT'08, IEEE/WIC/ACM International Conference on, Vol.1, pp.797-801, 2008.
    L. Breiman, “Random forests”, Machine Learning, Vol.45, No.1, pp.5-32, 2001.
    G. Batista, R. Prati and M. Monard, “A study of the behavior of several methods for balancing machine learning training data”, ACM SIGKDD Explorations Newsletter, Vol.6, No.1, pp.20-29, 2004.
    S.Y. Yerima, S. Sezer, G. McWilliams, et al., “A new android malware detection approach using Bayesian classification”, IEEE 27th International Conference on Advanced Information Networking and Applications (AINA), Barcelona, Spain, pp.121-128, 2013.
    B. Sanz, I. Santos, C. Laorden, et al., “PUMA: Permission usage to detect malware in android”, Int. Joint Conf. CISIS'12-ICEUTÉ12-SOCO'12 Special Sessions, in Advances in Intelligent Systems and Computing, Vol.189, pp.289-298, 2013.
    T. Hastie, R. Tibshirani and J. Friedman. The Elements of Statistical Learning, Springer, 2009.
    S.Y. Yerima, S. Sezer and G. McWilliams, “Analysis of Bayesian classification-based approaches for Android malware detection”, IET Inf. Secur, Vol.8, No.1, pp.25-36, 2014.
    S.Y. Yerima, S. Sezer and I. Muttik, “High accuracy android malware detection using ensemble learning”, IET Inf. Secur, Vol.9, No.6, pp.313-320, 2015.
  • 加载中

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Article Metrics

    Article views (198) PDF downloads(220) Cited by()
    Proportional views
    Related

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return