FGFDect: A Fine-Grained Features Classification Model for Android Malware Detection

  • Chao Liu
  • Jianan Li
  • Min Yu
  • Bo Luo
  • Song Li
  • Kai Chen
  • Weiqing Huang
  • Bin Lv
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 254)

Abstract

In Android malware detection, fine-grained features can provide a more accurate description of an application’s behavior. Nonetheless, fine-grained feature extraction has not been done perfectly; as a result, invalid features not only bring additional overhead but also reduce detection accuracy. In this paper, we propose FGFDect, a malware classification model that mines Android applications for fine-grained features. Our work aims to handle two types of features that frequently appear in Android malware. One is the permissions that have been registered but are not actually used. The other is the APIs called via the reflection mechanism. This information improves the precision of static analysis, which no longer needs to make conservative assumptions about coarse-grained features. These two feature sets are fed into machine learning algorithms to classify the app as benign or malware. FGFDect is evaluated on a large real-world data set consisting of 6400 malware apps and 4600 popular benign apps. Compared with traditional approaches that use coarse-grained features, extensive evaluation results demonstrate that the proposed approach exhibits an impressive detection accuracy of 96.7% with a false positive rate of 0.7%. In addition, the proposed approach complements existing permission-based approaches and API-based approaches.
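The two feature types named in the abstract can be illustrated with a small static pass. This is an added example, not FGFDect's implementation or code from the paper. It assumes a decoded text manifest and a smali fragment (both constructed here), a two-entry hand-written API-to-permission map, and reflection that uses constant strings only.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Constructed inputs: a decoded manifest and a smali fragment (not from the paper).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""
SMALI = """
const-string v0, "android.telephony.SmsManager"
invoke-static {v0}, Ljava/lang/Class;->forName(Ljava/lang/String;)Ljava/lang/Class;
move-result-object v1
const-string v2, "sendTextMessage"
invoke-virtual {v1, v2, v3}, Ljava/lang/Class;->getMethod(Ljava/lang/String;[Ljava/lang/Class;)Ljava/lang/reflect/Method;
invoke-static {}, Landroid/hardware/Camera;->open()Landroid/hardware/Camera;
"""
# Hand-written stand-in for an API-to-permission map (assumption, two entries only).
API_PERMS = {
    "android.telephony.SmsManager.sendTextMessage": "android.permission.SEND_SMS",
    "android.hardware.Camera.open": "android.permission.CAMERA",
}
CONST = re.compile(r'const-string(?:/jumbo)? (\w+), "([^"]*)"')
INVOKE = re.compile(r"invoke-\S+ \{([^}]*)\}, L([\w/$]+);->([\w$<>]+)\(")

def declared_permissions(manifest_xml):
    return {e.get(NS + "name") for e in ET.fromstring(manifest_xml).iter("uses-permission")}

def called_apis(smali):
    """Return (direct, reflective) API names; reflection is resolved only when
    the class and method names are string constants (no data-flow tracking)."""
    regs, direct, reflective, cls = {}, set(), set(), None
    for line in map(str.strip, smali.splitlines()):
        if m := CONST.match(line):
            regs[m.group(1)] = m.group(2)
        elif m := INVOKE.match(line):
            args = [a.strip() for a in m.group(1).split(",") if a.strip()]
            owner, name = m.group(2).replace("/", "."), m.group(3)
            if owner == "java.lang.Class" and name == "forName":
                cls = regs.get(args[0]) if args else None
            elif owner == "java.lang.Class" and name in ("getMethod", "getDeclaredMethod"):
                if cls and len(args) > 1 and args[1] in regs:
                    reflective.add(f"{cls}.{regs[args[1]]}")
            else:
                direct.add(f"{owner}.{name}")
    return direct, reflective

def fine_grained_features(manifest_xml, smali):
    declared = declared_permissions(manifest_xml)
    direct, reflective = called_apis(smali)
    used = {API_PERMS[a] for a in direct | reflective if a in API_PERMS}
    return {"unused_permissions": sorted(declared - used),
            "used_permissions": sorted(declared & used),
            "reflective_apis": sorted(reflective)}
```

In the sample, `SEND_SMS` counts as used only because the reflective call is resolved; a pass that looked at direct invocations alone would report it as declared but unused.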

Keywords

Permission, API, Reflection, Static analysis, Fine-grained

Notes

Acknowledgment

This work is supported by the National Key Research and Development Program of China (2016YFB0801001, 2016YFB0801004), and is supported in part by a research grant from Ant Financial.

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  • Chao Liu (1)
  • Jianan Li (1, 2)
  • Min Yu (1, 2)
  • Bo Luo (3)
  • Song Li (1, 2)
  • Kai Chen (1)
  • Weiqing Huang (1)
  • Bin Lv (1)

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
  3. Department of Electrical Engineering and Computer Science, University of Kansas, Lawrence, USA