MulAV: Multilevel and Explainable Detection of Android Malware with Data Fusion

  • Qun Li
  • Zhenxiang Chen (Email author)
  • Qiben Yan
  • Shanshan Wang
  • Kun Ma
  • Yuliang Shi
  • Lizhen Cui
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11337)


With the popularization of smartphones, the number of mobile applications has grown substantially. However, a large amount of malware is emerging and poses a serious threat to users' mobile phones. Malware detection has become a public concern that requires urgent resolution. In this paper, we propose MulAV, a multilevel and explainable detection method with data fusion. Our method obtains information from multiple levels (the app source code, network traffic, and geospatial information) and combines it with a machine learning method to train a model that can identify mobile malware with high accuracy and few false alarms. Experimental results show that MulAV outperforms other anti-virus scanners and methods and achieves a detection rate of 97.8% with 0.4% false alarms. Furthermore, for the benefit of users, MulAV displays the explanation for each detection, thus revealing relevant properties of the detected malware.


Keywords: Android malware detection, Data fusion, Multilevel, Result explanation



Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Qun Li (1, 2)
  • Zhenxiang Chen (1, 2), Email author
  • Qiben Yan (3)
  • Shanshan Wang (1, 2)
  • Kun Ma (1, 2)
  • Yuliang Shi (4)
  • Lizhen Cui (4)

  1. School of Information Science and Engineering, University of Jinan, Jinan, China
  2. Shandong Provincial Key Laboratory of Network Based Intelligent Computing, Jinan, China
  3. University of Nebraska Lincoln, Lincoln, USA
  4. Shandong University, Jinan, China
