Abstract
The Android operating system and its applications (apps) are becoming increasingly popular. The characteristics of the Android platform (open source, support for third-party app markets, etc.) have also driven a rapid growth in Android malware, which poses a great threat to the platform. To solve this security issue, a comprehensive and accurate detection approach is needed. Many research works pursue this goal, including code analysis and machine learning methods, but such works cannot analyze large numbers of Android applications comprehensively and effectively. We propose DroidDeep, which uses a Deep Belief Network model to classify malicious Android apps. The proposed approach first collects 11 different kinds of static behavioral characteristics from a large number of Android applications. Second, we design a Deep Belief Network algorithm to select unique behavioral characteristics from the collected static behavioral characteristics. Third, we detect zero-day malicious Android applications based on the selected behavioral characteristics. We evaluate the proposed method on a dataset that mixes benign and malicious Android applications. The experimental results show that the proposed method achieves a higher detection accuracy (99.4%). Moreover, the proposed approach takes 6 s on average to analyze and detect each Android application.
Acknowledgements
This work is supported by the Research Foundation of Education Bureau of Hunan Province, China (No. 18B548), by the Science and Technology Projects of Hunan Province (Nos. 2018JJ2108, 2016JC2074), in part by the Science and Technology Project of Hunan Province of China (No. 2017SK1040), by the Research Project of the Education Department of Hunan Province (Nos. 18A441, 18C0958), by the Open Research Fund of Hunan Provincial Key Laboratory of Network Investigational Technology (No. 2017WLZC006), and by the key project of educational planning of Hunan Province (No. XJK18DJA1).
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Additional information
Communicated by B. B. Gupta.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article
Su, X., Shi, W., Qu, X. et al. DroidDeep: using Deep Belief Network to characterize and detect android malware. Soft Comput 24, 6017–6030 (2020). https://doi.org/10.1007/s00500-019-04589-w