TinyDroid: A Lightweight and Efficient Model for Android Malware Detection and Classification

With the popularity of Android applications, Android malware has shown an exponential growth trend. To detect Android malware effectively, this paper proposes a novel lightweight static detection model, TinyDroid, using instruction simplification and machine learning techniques. First, a symbol-based simplification method is proposed to abstract the opcode sequence decompiled from Android Dalvik Executable files. Then, N-grams are employed to extract features from the simplified opcode sequence, and a classifier is trained for the malware detection and classification tasks. To improve the efficiency and scalability of the proposed detection model, a compression procedure is also used to reduce features and select exemplars for the malware sample dataset. TinyDroid is compared against state-of-the-art antivirus tools in the real world using the Drebin dataset. The experimental results show that TinyDroid can achieve a higher accuracy rate and a lower false alarm rate with satisfactory efficiency.
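The first two stages described above (symbol-based simplification, then N-gram feature extraction) can be sketched as follows. This is an added example, not the paper's code: the symbol table (one letter per opcode family, all other opcodes dropped) is an assumption, since the abstract does not list the mapping, and the smali listing is constructed for illustration.

```python
from collections import Counter

# ASSUMED symbol classes (not given on this page): opcode prefix -> symbol.
SYMBOLS = [
    ("move", "M"), ("return", "R"), ("goto", "G"), ("if-", "I"),
    ("invoke", "V"),
    ("aget", "T"), ("iget", "T"), ("sget", "T"),
    ("aput", "P"), ("iput", "P"), ("sput", "P"),
]

# Constructed smali listing, as a decompiler would emit for one method.
SAMPLE = """
.method public onCreate()V
    .locals 2
    invoke-super {p0}, Landroid/app/Activity;->onCreate()V
    iget-object v0, p0, Lcom/example/A;->ctx:Ljava/lang/Object;
    if-eqz v0, :cond_0
    const/4 v1, 0x1
    iput v1, p0, Lcom/example/A;->flag:I
    :cond_0
    move-object v1, v0
    invoke-virtual {v1}, Ljava/lang/Object;->hashCode()I
    move-result v0
    goto :goto_0
    :goto_0
    return-void
.end method
""".splitlines()

def simplify(smali_lines):
    """Reduce a smali listing to a string of symbols, one per kept opcode."""
    out = []
    for line in smali_lines:
        line = line.strip()
        # Skip blanks, directives (.method), comments (#) and labels (:cond_0).
        if not line or line[0] in ".#:":
            continue
        opcode = line.split()[0]
        for prefix, sym in SYMBOLS:
            if opcode.startswith(prefix):
                out.append(sym)
                break  # opcodes outside the table (e.g. const/4) are dropped
    return "".join(out)

def ngram_counts(seq, n):
    """Count every contiguous n-symbol window in the simplified sequence."""
    return Counter(seq[i:i + n] for i in range(len(seq) - n + 1))

def feature_vector(seq, n, vocabulary):
    """Relative n-gram frequencies in a fixed vocabulary order (classifier input)."""
    counts = ngram_counts(seq, n)
    total = sum(counts.values()) or 1
    return [counts[g] / total for g in vocabulary]
```

Because operands, registers and class names are discarded, two methods that differ only in identifiers produce the same symbol string, which is what keeps the N-gram feature space small.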
