
Comprehensive Behavior Profiling for Proactive Android Malware Detection

  • Conference paper
Information Security (ISC 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8783)

Abstract

We present a new method of screening for malicious Android applications that uses two types of information about the application: the permissions that the application requests in its installation manifest and a metric called percentage of valid call sites (PVCS). PVCS measures the riskiness of the application based on a data flow graph. The information is used with machine learning algorithms to classify previously unseen applications as malicious or benign with a high degree of accuracy. Our classifier outperforms the previous state of the art by a significant margin, with particularly low false positive rates. Furthermore, the classifier evaluation is performed on malware families that were not used in the training phase, simulating the accuracy of the classifier on malware yet to be developed. We found that our PVCS metric and the SEND_SMS permission are the specific pieces of information that are most useful to the classifier.




Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Wolfe, B., Elish, K.O., Yao, D. (2014). Comprehensive Behavior Profiling for Proactive Android Malware Detection. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds) Information Security. ISC 2014. Lecture Notes in Computer Science, vol 8783. Springer, Cham. https://doi.org/10.1007/978-3-319-13257-0_19

  • DOI: https://doi.org/10.1007/978-3-319-13257-0_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-13256-3

  • Online ISBN: 978-3-319-13257-0
