Mobile Malware Detection - An Analysis of the Impact of Feature Categories

  • Mahbub E. KhodaEmail author
  • Joarder Kamruzzaman
  • Iqbal Gondal
  • Tasadduq Imam
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11304)


The use of smartphones and hand-held devices continues to increase with rapid development in underlying technology and widespread deployment of numerous applications including social network, email and financial transactions. Inevitably, malware attacks are shifting towards these devices. To detect mobile malware, features representing the characteristics of applications play a crucial role. In this work, we systematically studied the impact of all categories of features (i.e., permission, application programmers interface calls, inter component communication and dynamic features) of android applications in classifying a malware from benign applications. We identified the best combination of feature categories that yield better performance in terms of widely used metrics than blindly using all feature categories. We proposed a new technique to include contextual information in API calls into feature values and the study reveals that embedding such information enhances malware detection capability by a good margin. Information gain analysis shows that a significant number of features in ICC category is not relevant to malware prediction and hence, least effective. This study will be useful in designing better mobile malware detection system.


Mobile malware Feature categories Classifiers Context 


  1. 1.
    Number of Smartphone Users Worldwide. Accessed 16 Nov 2017
  2. 2.
    Number of Android Devices. Accessed 16 Nov 2017
  3. 3.
    Alzaylaee, M.K., Yerima, S.Y., Sezer, S.: Emulator vs real phone: android malware detection using machine learning. In: Proceedings of the 3rd ACM on International Workshop on Security and Privacy Analytics, pp. 65–72. ACM (2017)Google Scholar
  4. 4.
    Yang, C., Zhang, J., Gu, G.: Understanding the market-level and network-level behaviors of the android malware ecosystem. In: 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), pp. 2452–2457. IEEE (2017)Google Scholar
  5. 5.
    Samra, A.A.A., Yim, K., Ghanem, O.A.: Analysis of clustering technique in android malware detection. In: 2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), pp. 729–733. IEEE (2013)Google Scholar
  6. 6.
    Frank, M., Dong, B., Felt, A.P., Song, D.: Mining permission request patterns from android and Facebook applications, pp. 870–875, December 2012.
  7. 7.
    Yerima, S.Y., Sezer, S., McWilliams, G.: Analysis of bayesian classification-based approaches for android malware detection. IET Inf. Secur. 8(1), 25–36 (2014)CrossRefGoogle Scholar
  8. 8.
    Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 95–109. IEEE (2012)Google Scholar
  9. 9.
    Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., Siemens, C.: DREBIN: effective and explainable detection of android malware in your pocket. In: Ndss, vol. 14, pp. 23–26 (2014)Google Scholar
  10. 10.
    Yang, W., Xiao, X., Andow, B., Li, S., Xie, T., Enck, W.: Appcontext: differentiating malicious and benign mobile app behaviors using context. In: Proceedings of the 37th International Conference on Software Engineering, ICSE 2015, vol. 1, pp. 303–313. IEEE Press, Piscataway (2015).
  11. 11.
    Narayanan, A., Chandramohan, M., Chen, L., Liu, Y.: Context-aware, adaptive and scalable android malware detection through online learning (extended version). CoRR abs/1706.00947 (2017).
  12. 12.
    Narayanan, A., Chandramohan, M., Chen, L., Liu, Y.: A multi-view context-aware approach to android malware detection and malicious code localization. Empir. Softw. Eng. (2017). Scholar
  13. 13.
    Xu, K., Li, Y., Deng, R.H.: ICCDetector: ICC-based malware detection on android. IEEE Trans. Inf. Forensics Secur. 11(6), 1252–1264 (2016)CrossRefGoogle Scholar
  14. 14.
    Feizollah, A., Anuar, N.B., Salleh, R., Suarez-Tangil, G., Furnell, S.: Androdialysis: analysis of android intent effectiveness in malware detection. Comput. Secur. 65, 121–134 (2017)CrossRefGoogle Scholar
  15. 15.
    Afonso, V.M., de Amorim, M.F., Grégio, A.R.A., Junquera, G.B., de Geus, P.L.: Identifying android malware using dynamically obtained features. J. Comput. Virol. Hacking Tech. 11(1), 9–17 (2015)CrossRefGoogle Scholar
  16. 16.
    Dimjašević, M., Atzeni, S., Ugrina, I., Rakamaric, Z.: Evaluation of android malware detection based on system calls. In: Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics, pp. 1–8. ACM (2016)Google Scholar
  17. 17.
    Tong, F., Yan, Z.: A hybrid approach of mobile malware detection in android. J. Parallel Distrib. Comput. 103, 22–31 (2017)CrossRefGoogle Scholar
  18. 18.
    Yuan, Z., Lu, Y., Wang, Z., Xue, Y.: Droid-sec: deep learning in android malware detection. In: ACM SIGCOMM Computer Communication Review, vol. 44, pp. 371–372. ACM (2014)Google Scholar
  19. 19.
    Arzt, S., et al.: Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM Sigplan Not. 49(6), 259–269 (2014)CrossRefGoogle Scholar
  20. 20.
    Su, X., Zhang, D., Li, W., Zhao, K.: A deep learning approach to android malware feature learning and detection. In: Trustcom/BigDataSE/I SPA, pp. 244–251. IEEE (2016)Google Scholar
  21. 21.
    Au, K.W.Y., Zhou, Y.F., Huang, Z., Lie, D.: Pscout: analyzing the android permission specification. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 217–228. ACM (2012)Google Scholar
  22. 22.
    Quinlan, J.R.: C4.5: Programs for Machine Learning. Morgan Kaufmann Publishers Inc., San Francisco (1993)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Mahbub E. Khoda
    • 1
    Email author
  • Joarder Kamruzzaman
    • 1
  • Iqbal Gondal
    • 1
  • Tasadduq Imam
    • 2
  1. 1.Internet Commerce Security LaboratoryFederation University AustraliaBallaratAustralia
  2. 2.CQUniversity AustraliaRockhamptonAustralia

Personalised recommendations