
DroidGene: Detecting Android Malware Using Its Malicious Gene

  • Conference paper
Bio-inspired Computing: Theories and Applications (BIC-TA 2018)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 951)

Abstract

Android is the most popular smartphone operating system in the world thanks to its openness, which also attracts many Android malware writers. It is a big challenge for the various Android markets to filter out malware accurately and quickly before provisioning a large number of APPs. Many handcrafted feature-based detection solutions have been proposed to solve this problem, but malware writers can always find ways to change the features while maintaining the malware's malicious semantics. Inspired by findings in biology, we advocate identifying the genes of Android APPs that are responsible for malicious behaviors. Based on this idea, we propose a new method called DroidGene, which treats calling sequences and permissions as DNA and uses an elaborately designed LSTM to find APPs' malicious genes. The results of experiments on 16,200 Android samples show that both the accuracy (99.1%) and the detection time (0.36 s) of DroidGene are superior to the state-of-the-art method.



Acknowledgments

The work was supported in part by the National High-tech R&D Program of China (863 Program) (2015AA017201) and National Key Research and Development Program of China (2016QY01W0200). The authors are very grateful to the anonymous viewers of this paper.

Author information

Corresponding author

Correspondence to Yulong Wang.

Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Wang, Y., Zong, H. (2018). DroidGene: Detecting Android Malware Using Its Malicious Gene. In: Qiao, J., et al. Bio-inspired Computing: Theories and Applications. BIC-TA 2018. Communications in Computer and Information Science, vol 951. Springer, Singapore. https://doi.org/10.1007/978-981-13-2826-8_28

  • DOI: https://doi.org/10.1007/978-981-13-2826-8_28

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-2825-1

  • Online ISBN: 978-981-13-2826-8

  • eBook Packages: Computer Science, Computer Science (R0)
