DroidDeep: using Deep Belief Network to characterize and detect android malware

Soft Computing (Focus)

Abstract

The Android operating system and its applications (apps) are becoming increasingly popular. The characteristics of the Android platform (open source, support for third-party app markets, etc.) have also driven an amazing pace of growth in Android malware, which poses a great threat to the platform. To solve this security issue, a comprehensive and accurate detection approach should be designed. Many research works are dedicated to this goal, including code analysis and machine learning methods, but these kinds of works cannot analyze large numbers of Android applications comprehensively and effectively. We propose DroidDeep, which uses a Deep Belief Network model to classify malicious Android apps. The proposed approach first collects 11 different kinds of static behavioral characteristics from a large number of Android applications. Second, we design a Deep Belief Network algorithm to select unique behavioral characteristics from the collected static behavioral characteristics. Third, we detect zero-day malicious Android applications based on the selected behavioral characteristics. We evaluate the proposed method on a dataset that mixes benign and malicious Android applications. The laboratory results show that the proposed method can obtain a higher detection accuracy (99.4%). Moreover, the proposed approach takes 6 s on average to analyze and detect each Android application.

Acknowledgements

This work is supported by the Research Foundation of Education Bureau of Hunan Province, China (No. 18B548); by the Science and Technology Projects of Hunan Province (Nos. 2018JJ2108, 2016JC2074); in part by the Science and Technology Project of Hunan Province of China (No. 2017SK1040); by the Research project of Education Department of Hunan Province (Nos. 18A441, 18C0958); by the Open Research Fund of Hunan Provincial Key Laboratory of Network Investigational Technology (No. 2017WLZC006); and by the key project of educational planning of Hunan Province (No. XJK18DJA1).

Author information

Corresponding author

Correspondence to Weiqi Shi.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Additional information

Communicated by B. B. Gupta.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Su, X., Shi, W., Qu, X. et al. DroidDeep: using Deep Belief Network to characterize and detect android malware. Soft Comput 24, 6017–6030 (2020). https://doi.org/10.1007/s00500-019-04589-w

  • DOI: https://doi.org/10.1007/s00500-019-04589-w
