DroidDeep: using Deep Belief Network to characterize and detect android malware

The Android operating system and its applications (apps) are becoming increasingly popular. The characteristics of the Android platform (open source, support for third-party app markets, etc.) have also let Android malware grow at an alarming pace, which poses a great threat to the platform. To address this security issue, a comprehensive and accurate detection approach is needed. Many research works have pursued this goal, including code analysis and machine learning methods, but these approaches cannot analyze large numbers of Android applications comprehensively and effectively. We propose DroidDeep, which uses a Deep Belief Network model to classify malicious Android apps. The approach first collects 11 different kinds of static behavioral characteristics from a large number of Android applications. Second, we design a Deep Belief Network algorithm to select unique behavioral characteristics from the collected static behavioral characteristics. Third, we detect zero-day malicious Android applications based on the selected behavioral characteristics. We evaluate the proposed method on a dataset that mixes benign and malicious Android applications. The experimental results show that the proposed method obtains a higher detection accuracy (99.4%). Moreover, the proposed approach takes 6 s on average to analyze and detect each Android application.
