Android Malware Detection Mechanism Based on Bayesian Model Averaging

  • Conference paper
Recent Findings in Intelligent Computing Techniques

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 707)

Abstract

Since Android is the most widely used operating system for mobile devices, it has been a target for widespread malware attacks. In recent years, many new malware detection mechanisms have been introduced for the Android platform. These methods are generally classified as static analysis and dynamic analysis methods. However, none of the existing mechanisms can detect malware applications with reasonable false positive and false negative rates. This is a major concern in the field of Android malware detection. In this paper, we propose a novel malware detection mechanism that combines the estimated malicious probability values of three distinct naive Bayes classifiers, based on API calls, permissions, and system calls, using a Bayesian model averaging approach. The majority of existing Android malware has signatures in at least one of API calls, permissions, or system call sequences. Hence, the proposed mechanism can overcome the limitations of the existing static and dynamic malware detection mechanisms to a good extent. Our experiments have shown that the proposed mechanism is more accurate than the existing static and dynamic malware detection mechanisms.
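The combination step described in the abstract, as an added sketch that is not the authors' code: three naive Bayes classifiers (one per feature view) are averaged with weights equal to each model's posterior probability. Assumptions not taken from the page: Bernoulli features with Laplace smoothing, a uniform model prior, weights estimated from held-out likelihood, hypothetical function names, and constructed toy apps.

```python
import math

# Constructed toy data: (API calls, permissions, system calls, label); 1 = malicious.
TRAIN = [
    ({"sendTextMessage", "getDeviceId"}, {"SEND_SMS", "INTERNET"}, {"connect", "sendto"}, 1),
    ({"getDeviceId", "exec"}, {"INTERNET", "READ_CONTACTS"}, {"ptrace", "connect"}, 1),
    ({"sendTextMessage", "exec"}, {"SEND_SMS", "READ_CONTACTS"}, {"ptrace", "sendto"}, 1),
    ({"startActivity"}, {"INTERNET"}, {"read", "write"}, 0),
    ({"startActivity", "getDeviceId"}, {"INTERNET", "CAMERA"}, {"read", "connect"}, 0),
    ({"openCamera"}, {"CAMERA"}, {"read", "write"}, 0),
]
VAL = [  # constructed held-out apps, used only to weight the three models
    ({"exec"}, {"INTERNET"}, {"ptrace", "sendto"}, 1),
    ({"startActivity"}, {"INTERNET", "SEND_SMS"}, {"read"}, 0),
]

def train_nb(rows, view, alpha=1.0):
    """Bernoulli naive Bayes over one feature view (0=API, 1=perm, 2=syscall)."""
    vocab = set().union(*(r[view] for r in rows))
    model = {}
    for c in (0, 1):
        cls = [r[view] for r in rows if r[3] == c]
        probs = {f: (sum(f in s for s in cls) + alpha) / (len(cls) + 2 * alpha)
                 for f in vocab}
        model[c] = (len(cls) / len(rows), probs)
    return model

def p_malicious(model, feats):
    """P(malicious | feats) under one model, computed in log space."""
    logp = {}
    for c, (prior, probs) in model.items():
        logp[c] = math.log(prior) + sum(
            math.log(p if f in feats else 1 - p) for f, p in probs.items())
    return 1 / (1 + math.exp(logp[0] - logp[1]))

def bma_weights(models, val):
    """P(model | validation labels) under a uniform model prior (assumption)."""
    ll = []
    for v, m in enumerate(models):
        scored = [(p_malicious(m, r[v]), r[3]) for r in val]
        ll.append(sum(math.log(p if y else 1 - p) for p, y in scored))
    w = [math.exp(x - max(ll)) for x in ll]
    return [x / sum(w) for x in w]

def bma_score(models, weights, app):
    """Model-averaged malicious probability for one app (three feature sets)."""
    return sum(w * p_malicious(m, app[v])
               for v, (m, w) in enumerate(zip(models, weights)))

MODELS = [train_nb(TRAIN, v) for v in range(3)]
WEIGHTS = bma_weights(MODELS, VAL)
```

Because the score is a convex combination, a sample flagged strongly by only one view still moves the averaged probability in proportion to how well that view predicted the held-out labels.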

Correspondence to S. Roopak.

© 2019 Springer Nature Singapore Pte Ltd.

Cite this paper

Roopak, S., Thomas, T., Emmanuel, S. (2019). Android Malware Detection Mechanism Based on Bayesian Model Averaging. In: Sa, P., Bakshi, S., Hatzilygeroudis, I., Sahoo, M. (eds) Recent Findings in Intelligent Computing Techniques. Advances in Intelligent Systems and Computing, vol 707. Springer, Singapore. https://doi.org/10.1007/978-981-10-8639-7_9
