DroidDelver: An Android Malware Detection System Using Deep Belief Network Based on API Call Blocks

  • Shifu Hou
  • Aaron Saas
  • Yanfang YeEmail author
  • Lifei Chen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9998)


Because of the explosive growth of Android malware and due to the severity of its damages, the detection of Android malware has become an increasing important topic in cyber security. Currently, the major defense against Android malware is commercial mobile security products which mainly use signature-based method for detection. However, attackers can easily devise methods, such as obfuscation and repackaging, to evade the detection, which calls for new defensive techniques that are harder to evade. In this paper, resting on the analysis of Application Programming Interface (API) calls extracted from the smali files, we further categorize the API calls which belong to the some method in the smali code into a block. Based on the generated code blocks, we then apply a deep learning framework (i.e., Deep Belief Network) for newly unknown Android malware detection. Using a real sample collection from Comodo Cloud Security Center, a comprehensive experimental study is performed to compare various malware detection approaches. Promising experimental results demonstrate that DroidDelver which integrates our proposed method outperform other alternative Android malware detection techniques.


Android malware detection API call block Deep belief network 


  1. 1.
    APE: a smart automatic testing environment for android malware.
  2. 2.
    Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: SPSM (2011)Google Scholar
  3. 3.
  4. 4.
    Yang, C., Xu, Z., Gu, G., Yegneswaran, V., Porras, P.: DroidMiner: automated mining and characterization of fine-grained malicious behaviors in android applications. In: Kutyłowski, M., Vaidya, J. (eds.) ICAIS 2014, Part I. LNCS, vol. 8712, pp. 163–182. Springer, Heidelberg (2014)Google Scholar
  5. 5.
  6. 6.
  7. 7.
  8. 8.
    Wu, D., Mao, C., Wei, T., Lee, H., DroidMat, K.: Android malware detection through manifest and API calls tracing. In: ASIA JCIS (2012)Google Scholar
  9. 9.
    G DATA. Mobile malware report for the fourth quarter of 2015.
  10. 10.
    Hinton, G.E., Dayan, P., Frey, B.J., Neal, R.M.: The wake-sleep algorithm for unsupervised neural networks. Science 268, 1158–1161 (1995)CrossRefGoogle Scholar
  11. 11.
    Hinton, G.E., Osindero, S., Teh, Y.: A fast learning algorithm for deep belief nets. Neural Comput. 18, 1527–1554 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Peng, H., Long, F., Ding, C.: Feature selection based on mutualinformation: criteria of max-dependency, max-relevance, and min-redundancy. In: TPAMI (2005)Google Scholar
  13. 13.
    Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for Android. In: SPSM (2011)Google Scholar
  14. 14.
  15. 15.
  16. 16.
    Xu, J., Yu, Y., Chen, Z., Cao, B., Dong, W., Guo, Y., Cao, J.: MobSafe: cloud computing based forensic analysis for massive mobile applications using data mining. Tsinghua Sci. Technol. 18, 418–427 (2013)CrossRefGoogle Scholar
  17. 17.
    Tam, K., Khan, S.J., Fattori, A., Cavallaro, L.: CopperDroid: automatic reconstruction of android malware behaviors. In: NDSS (2015)Google Scholar
  18. 18.
    Dimjasevic, M., Atzeni, S., Ugrina, I., Rakamaric, Z.: Evaluation of android malware detection based on system calls. In: IWSPA (2016)Google Scholar
  19. 19.
    Dimjasevic, M., Atzeni, S., Ugrina, I., Rakamaric Z.: Android malware detection based on system calls. In: UUCS (2015)Google Scholar
  20. 20.
    Peiravian, N., Zhu, X.: Machine learning for android malware detection using permission and API calls. In: ICDM (2013)Google Scholar
  21. 21.
  22. 22.
    Collobert, R., Weston, J.: A unified architecture for natural language processing: deep neural networks with multitask learning. In: ICML (2008)Google Scholar
  23. 23.
    Wu, W., Hung, S.: DroidDolphin: a dynamic Android malware detection framework using big data and machine learning. In: RACS (2014)Google Scholar
  24. 24.
    Xu, J., Sung, A., Chavez, P., Mukkamala, S.: Polymorphic malicious executable scanner by API sequence analysis. In: HIS (2004)Google Scholar
  25. 25.
    Bengio, Y.: Learning deep architectures for AI. Found. Trends Mach. Learn. 2(1), 1–127 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    Bengio, Y., Lamblin, P., Popovici, D., Larochelle, H.: Greedy layer-wise training of deep networks. In: NIPS (2007)Google Scholar
  27. 27.
    Lv, Y., Duan, Y., Kang, W., Li, Z., Wang, F.: Traffic flow prediction with big data: a deep learning approach. Intell. Transp. Syst. 16(2), 1–9 (2014)CrossRefGoogle Scholar
  28. 28.
    Ye, Y., Wang, D., Li, T., Ye, D.: IMDS: intelligent malware detection system. In: SIGKD (2007)Google Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.Department of Computer Science and Electrical EngineeringWest Virginia UniversityMorgantownUSA
  2. 2.School of Mathematics and Computer ScienceFujian Normal UniversityFuzhouChina

Personalised recommendations