Neural Computing and Applications

, Volume 31, Supplement 1, pp 185–194 | Cite as

Detection malicious Android application based on simple-Dalvik intermediate language

  • Qi LiEmail author
  • Bowen Sun
  • Meiqi Chen
  • Hang Dong
S.I. : Machine Learning Applications for Self-Organized Wireless Networks


In recent years, mobile malware has become one of the most important threats to the development of mobile Internet. Effective prevention and control of malicious applications concern the healthy development of the mobile Internet industry and the vital interests of the vast number of mobile terminal users. However, due to many new characteristics of mobile intelligent terminals, such as storing personal privacy data, the traditional software security technology cannot be applied to mobile applications directly. Therefore, the security detection for mobile applications is of great significance. In this paper, we proposed a simple-Dalvik intermediate language-based method to detect the malicious mobile applications. In this method, we first reduce the 218 instructions in the Dalvik instruction set to a simpler set, SDIL, through simplification and optimization. By using SDIL, we can effectively refine the instruction features and maintain the control relationships of the source program. After that, we use an improved MOSS algorithm to detect malicious mobile applications. Our experimental results show that the method proposed in this paper greatly improves the detection efficiency of malicious mobile applications and maintains good accuracy.


Mobile application Malware detection Malicious Android application 



The authors acknowledge the project (2016QY06X1205, U1536119, U153610079).


  1. 1.
    Euler M, Rodolfo F (2017) PLATEM: a method for mobile applications testing. IET Softw 11(6):319–328CrossRefGoogle Scholar
  2. 2.
    Tencent (2017) Myapp market. Accessed 17 Oct 2017
  3. 3.
    Guo L, Jin B, Ruiyun Y et al (2016) Multi-label classification methods for green computing and application for mobile medical recommendations. IEEE Access 4:3201–3209CrossRefGoogle Scholar
  4. 4.
    Martinez HS, Rodriguez M, Dominguez EL (2017) Túum: test model for native mobile applications. IEEE Lat Am Trans 15(5):994–1000CrossRefGoogle Scholar
  5. 5.
    Google (2017) Manifest permission. Accessed 21 Dec 2017
  6. 6.
    Google (2017) Dalvik bytecode. Accessed 17 Dec 2017
  7. 7.
    Dong F, Wang J, Li Q, Xu G, Zhang S (2017) Defect prediction in android binary executables using deep neural network. Wirel Pers Commun 102(3):2261–2285 (special issue on machine learning for big data processing in mobile internet, online, 2017–11-15) CrossRefGoogle Scholar
  8. 8.
    Yao D, Wang J, Li Q (2017) An android malware detection approach using community structures of weighted function call graphs. IEEE Access 5:17478–17486CrossRefGoogle Scholar
  9. 9.
    Ma Z, Chen Z, Wang X, Nie R, Zhao G (2017) Shikra: a behavior-based android malware detection framework. In: International conference on green informatics, pp 175–184Google Scholar
  10. 10.
    Wang S, Liu T, Tan L (2017) Automatically learning semantic features for defect prediction. In: IEEE/ACM international conference on software engineering, pp 297–308Google Scholar
  11. 11.
    Du Y, Wang X, Wang J (2015) A static android malicious code detection method based on multisource fusion. Secur Commun Netw 8(17):3238–3246CrossRefGoogle Scholar
  12. 12.
    Saracino A, Sgandurra D, Dini G, Martinelli F (2016) MADAM: effective and efficient behavior-based android malware detection and prevention. IEEE Trans Dependable Secure Comput 99:1Google Scholar
  13. 13.
    Narayanan A, Chandramohan M, Chen L, Liu Y (2018) A multi-view context-aware approach to android malware detection and malicious code localization. Empir Softw Eng 23(3):1222–1274CrossRefGoogle Scholar
  14. 14.
    Arora A, Peddoju SK (2017) Minimizing network traffic features for android mobile malware detection. In: Proceedings of the 18th international conference on distributed computing and networking. ACM Press, p 32Google Scholar
  15. 15.
    Chakravartula RN, Lakshmi VN (2017) Combating malware with whitelisting in IoT-based medical devices. Int J Comput Appl 167(8):33–37Google Scholar
  16. 16.
    Llauradó DG (2016) Convolutional neural networks for malware classification. Universitat Politècnica de Catalunya, BarcelonaGoogle Scholar
  17. 17.
    Mclaughlin N, Martinez Del Rincon J, Kang B et al (2017) Deep android malware detection. In: Proceedings of the seventh ACM on conference on data and application security and privacy. ACM, pp 301–308Google Scholar
  18. 18.
    Miné A, Breck J, Reps T (2016) An algorithm inspired by constraint solvers to infer inductive invariants in numeric programs. In: European symposium on programming languages and systems. Springer, 2016, pp 560–588Google Scholar
  19. 19.
    Beyer D, Gulwani S, Schmidt DA (2017) Combining model checking and data-flow analysis. Handb Model Checking 5:493–540zbMATHGoogle Scholar
  20. 20.
    Arzt S, Rasthofer S, Fritz C, Bodden E, Bartel A, Klein J, Yves L, Octeau D, McDaniel P (2014) Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM Sigplan Not 49(6):259–269CrossRefGoogle Scholar
  21. 21.
    Klieber W, Flynn L, Bhosale A, Jia L, Bauer L (2014) Android taint flow analysis for app sets. In: ACM SIGPLAN, pp 1–6Google Scholar
  22. 22.
    Song D, Brumley D, Yin H et al (2008) BitBlaze: a new approach to computer security via binary analysis. In: ICISS, pp 1–25Google Scholar
  23. 23.
    Brumley D (2008) Analysis and defense of vulnerabilities in binary code. ProQuest, Ann ArborGoogle Scholar
  24. 24.
    Octeau D, Jha S, Dering M, McDaniel P, Bartel A, Li L, Klein J, Le Traon Y (2016) Combining static analysis with probabilistic models to enable market-scale android inter-component analysis. In: ACM SIGPLAN notices, pp 469–484Google Scholar
  25. 25.
    Li C, Wang H, Wang J, Li Q, Jianbo Yu, Guo J, Guoai X, Guo Y (2017) CRSPR: PageRank for android apps. IEEE Access 5:18004–18015CrossRefGoogle Scholar

Copyright information

© The Natural Computing Applications Forum 2018

Authors and Affiliations

  1. 1.Beijing University of Posts and Telecommunications, Beijing Key Laboratory of Interconnection and IntegrationBeijingChina
  2. 2.China Mobile Communications Group Co., Ltd.BeijingChina

Personalised recommendations