Ultra-Lightweight Malware Detection of Android Using 2-Level Machine Learning

As Android becomes the most popular smartphone operating system, malicious applications running on the Android platform appear very frequently and pose the major threat to the security of Android. Because the resources of a smartphone are severely limited, a stable, simple and quick malware detection method for Android is indispensable. In this paper, we propose an ultra-lightweight malware detection method which is able to detect unknown malicious Android applications with limited resources. First, a few features are extracted and divided into three sets for every application. Then, these three feature sets are embedded in the corresponding joint vector spaces to obtain each app's feature vectors. After that, the feature vectors of every vector space are classified using a machine learning algorithm. Finally, the three classification results are considered as a group, embedded in a new space and classified again. We evaluate our detection with 3427 malicious samples and 1550 benign applications. Experimental results show that our detection approach has a stable performance: the detection accuracy (true-positive rate) is always higher than 98% and the detection procedure costs only 30 ms per sample.
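The two-level pipeline described in the abstract, sketched as an added example that is not the paper's code. The abstract does not name the three feature sets or the learning algorithm, so the set names (permissions, API calls, intents), the perceptron learner and every sample below are assumptions constructed for illustration.

```python
# Added illustration, not the paper's code. Feature-set names, the perceptron
# learner and all samples below are assumptions constructed for this example.
SETS = ("permissions", "api_calls", "intents")

def embed(items, vocabulary):  # binary vector over one set's joint vocabulary
    return [1 if v in items else 0 for v in vocabulary]

def predict(w, x):  # weights w[:-1], bias w[-1]; 1 = malicious, 0 = benign
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + w[-1] > 0 else 0

def train_perceptron(X, y, epochs=20):
    w = [0] * (len(X[0]) + 1)
    for _ in range(epochs):
        for x, t in zip(X, y):
            err = t - predict(w, x)  # -1, 0 or +1
            for i, xi in enumerate(x):
                w[i] += err * xi
            w[-1] += err
    return w

def level1_votes(vocabs, level1, app):
    return [predict(level1[k], embed(app[k], vocabs[k])) for k in SETS]

def fit(apps, labels):
    # Level 1: one vector space and one classifier per feature set.
    vocabs = {k: sorted(set().union(*(a[k] for a in apps))) for k in SETS}
    level1 = {k: train_perceptron([embed(a[k], vocabs[k]) for a in apps], labels)
              for k in SETS}
    # Level 2: the three level-1 results form a new 3-dimensional space.
    # Simplification: reuses the training apps instead of a held-out split.
    votes = [level1_votes(vocabs, level1, a) for a in apps]
    return vocabs, level1, train_perceptron(votes, labels)

def classify(model, app):
    vocabs, level1, level2 = model
    votes = level1_votes(vocabs, level1, app)
    return predict(level2, votes), votes

def app(p, a, i):
    return {"permissions": set(p), "api_calls": set(a), "intents": set(i)}

TRAIN = [  # constructed samples: two malicious, two benign
    app(["SEND_SMS", "READ_CONTACTS"], ["sendTextMessage", "getDeviceId"], ["BOOT_COMPLETED"]),
    app(["SEND_SMS", "INTERNET"], ["sendTextMessage"], ["BOOT_COMPLETED", "SMS_RECEIVED"]),
    app(["INTERNET"], ["openConnection"], ["MAIN"]),
    app(["INTERNET", "CAMERA"], ["openConnection", "takePicture"], ["MAIN"]),
]
LABELS = [1, 1, 0, 0]
MODEL = fit(TRAIN, LABELS)
UNSEEN = app(["SEND_SMS", "CAMERA"], ["sendTextMessage", "takePicture"], ["MAIN"])
```

`classify(MODEL, UNSEEN)` returns the final verdict together with the three level-1 results, so a reviewer can see which feature set drove the decision; here the intent-based classifier disagrees with the other two and the second level still flags the app.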
