HFA-MD: An Efficient Hybrid Features Analysis Based Android Malware Detection Method

  • Yang Zhao
  • Guangquan Xu
  • Yao Zhang
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 234)


Lack of supervision and management of many Android third-party application markets has led to a growing number of malware on android platforms. This causes a serious privacy threat to the user’s sensitive information. To solve this problem, in this paper, a new hybrid features analysis method aiming at Android malware detection is proposed, which obtains a hybrid feature vector by extracting the information of permission requests, API calls and runtime behaviors. The characteristic of this work is the use of machine learning classification algorithms to detect malicious software. In addition, the feature selection algorithm is used to further optimize the extracted information to remove some useless features. Our experiments are based on real-world Apps, and use five different classification algorithms to detect the malware. The experiment results show that our proposed hybrid feature extraction method can improve the accuracy rate of Android malware detection compared with using static methods alone.


Android malware detection Machine learning Static analysis Dynamic analysis Feature selection 



This work has partially been sponsored by the National Science Foundation of China (No. 61572355) and Tianjin Research Program of Application Foundation and Advanced Technology under grant No. 15JCYBJC15700, and Fundamental Research of Xinjiang Corps under grant No. 2016AC015.


  1. 1.
    Malhotra, A., Bajaj, K.: A survey on various malware detection techniques on mobile platform. Int. J. Comput. Appl. 139(5), 15–20 (2016)Google Scholar
  2. 2.
    Symantec: Internet Security Threat Report 2017.
  3. 3.
    Tan, D.J., Chua, T.W., Thing, V.L.: Securing Android: a survey, taxonomy, and challenges. ACM Comput. Surv. (CSUR) 47(4), 58 (2015)Google Scholar
  4. 4.
    Shabtai, A., Moskovitch, R., Elovici, Y.: Detection of malicious code by applying machine learning classifiers on static features: a state-of-the-art survey. Inf. Secur. Tech. Rep. 14(1), 16–29 (2009)CrossRefGoogle Scholar
  5. 5.
    Tam, K., Khan, S.J., Fattori, A.: CopperDroid: automatic reconstruction of Android malware behaviors. In: NDSS (2015)Google Scholar
  6. 6.
    Chan, P.P., Song, W.K.: Static detection of Android malware by using permissions and API calls. In: 2014 International Conference on Machine Learning and Cybernetics (ICMLC), vol. 1, pp. 82–87. IEEE (2014)Google Scholar
  7. 7.
    Arp, D., Spreitzenbarth, M., Hubner, M.: DREBIN: effective and explainable detection of Android malware in your pocket. In: NDSS (2014)Google Scholar
  8. 8.
    Wu, D.J., Mao, C.H., Wei, T.E.: Droidmat: Android malware detection through manifest and API calls tracing. In: 2012 Seventh Asia Joint Conference on Information Security (Asia JCIS), pp. 62–69. IEEE (2012)Google Scholar
  9. 9.
    Amos, B., Turner, H., White, J.: Applying machine learning classifiers to dynamic Android malware detection at scale. In: 2013 9th International Wireless Communications and Mobile Computing Conference (IWCMC), pp. 1666–1671. IEEE (2013)Google Scholar
  10. 10.
    Dash, S.K., Suarez-Tangil, G., Khan, S.: Droidscribe: classifying Android malware based on runtime behavior. In: 2016 IEEE Security and Privacy Workshops (SPW), pp. 252–261. IEEE (2016)Google Scholar
  11. 11.
    Rieck, K., Trinius, P., Willems, C.: Automatic analysis of malware behavior using machine learning. J. Comput. Secur. 19(4), 639–668 (2011)CrossRefGoogle Scholar
  12. 12.
  13. 13.
  14. 14.
    Chandrashekar, G., Sahin, F.: A survey on feature selection methods. Comput. Electr. Eng. 40(1), 16–28 (2014)CrossRefGoogle Scholar
  15. 15.
  16. 16.
    DroidBox: An Android Application Sandbox for Dynamic Analysis.
  17. 17.
    Gu, B., Sheng, V.S., Wang, Z.: Incremental learning for ν-support vector regression. Neural Netw. 67, 140–150 (2015)CrossRefGoogle Scholar
  18. 18.
    Liao, Y., Vemuri, V.R.: Use of k-nearest neighbor classifier for intrusion detection. Comput. Secur. 21(5), 439–448 (2002)CrossRefGoogle Scholar
  19. 19.
    Buntine, W.: Learning classification rules using Bayes. In: Proceedings of the Sixth International Workshop on Machine Learning, pp. 94–98 (2016)Google Scholar
  20. 20.
    Bhargava, N., Sharma, G., Bhargava, R.: Decision tree analysis on J48 algorithm for data mining. Proc. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 3(6) (2013)Google Scholar
  21. 21.
    Chutia, D., Bhattacharyya, D.K., Sarma, J.: An effective ensemble classification framework using random forests and a correlation based feature selection technique. Trans. GIS 21(6), 1165–1178 (2017)CrossRefGoogle Scholar
  22. 22.
    Hall, M., Frank, E., Holmes, G.: The WEKA data mining software: an update. ACM SIGKDD Explor. Newsl. 11(1), 10–18 (2009)CrossRefGoogle Scholar
  23. 23.
    VirusShare Malware dataset.

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  1. 1.Tianjin Key Laboratory of Advanced Networking (TANK), School of Computer Science and TechnologyTianjin UniversityTianjinChina

Personalised recommendations