Android Malicious Application Classification Using Clustering

  • Hemant Rathore
  • Sanjay K. Sahay
  • Palash Chaturvedi
  • Mohit Sewak
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 941)


Android malware has been growing at an exponential pace and has become a serious threat to mobile users. It appears that most anti-malware products still rely on signature-based detection, which is generally slow and often unable to detect advanced obfuscated malware. Hence, from time to time, various authors have proposed different machine learning solutions to identify sophisticated malware. However, it appears that detection accuracy can be improved by using a clustering method. Therefore, in this paper we propose a novel, scalable and effective clustering method to improve the detection accuracy of malicious Android applications, and obtain a better overall accuracy (98.34%) with the random forest classifier compared to the regular method, i.e., taking the data altogether to detect the malware. However, as far as true positives and true negatives are concerned, with the clustering method the best true positive is obtained by the decision tree (97.59%) and the best true negative by the support vector machine (99.96%), which are almost the same as the results obtained by the random forest: true positive (97.30%) and true negative (99.38%), respectively. The overall accuracy of the random forest is high because the true positive of the support vector machine and the true negative of the decision tree are significantly lower than those of the random forest.


Keywords: Android, Classification, Clustering, Malware detection, Static analysis



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Department of CS and IS, BITS, Pilani, Sancoale, India
