Back-propagation neural network on Markov chains from system call sequences: a new approach for detecting Android malware with system call sequences

Android has become the most prevalent mobile system, but malware on this platform is also widespread. System call sequences have been studied as a basis for detecting malware. However, these approaches rely on common system call subsequences, which is inefficient because it is difficult to choose an appropriate length for the common subsequences. To address this issue, the authors propose a new approach, back-propagation neural network on Markov chains from system call sequences (BMSCS). It treats a system call sequence as a homogeneous stationary Markov chain and applies a back-propagation neural network (BPNN) to detect malware by comparing the transition probabilities in the chain. Because the transition probabilities from one system call to another in malware differ significantly from those in benign applications, BMSCS can detect malware efficiently by capturing the anomaly in state transitions with the help of the BPNN. The authors evaluate the performance of BMSCS in experiments with real application samples. The results show that the F-score of BMSCS reaches up to 0.982773, which is higher than that of the other methods in the literature.
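The pipeline the abstract describes, as an added sketch that is not the authors' code: each trace becomes a row-normalised transition matrix, which is flattened into the input vector of a small back-propagation network. The syscall vocabulary, the traces, the network size and the training settings are constructed assumptions.

```python
import math
import random

# Constructed syscall vocabulary and traces (assumptions, not the paper's data).
VOCAB = ["open", "read", "write", "sendto", "close"]
BENIGN = [["open", "read", "read", "write", "close"] * 4,
          ["open", "read", "write", "write", "close"] * 4]
MALWARE = [["open", "read", "sendto", "read", "sendto", "close"] * 4,
           ["open", "read", "sendto", "sendto", "close"] * 4]

def transition_features(trace, vocab=VOCAB):
    """Estimate P(next | current) from one trace; return the matrix row-major."""
    idx = {name: i for i, name in enumerate(vocab)}
    counts = [[0] * len(vocab) for _ in vocab]
    for cur, nxt in zip(trace, trace[1:]):
        counts[idx[cur]][idx[nxt]] += 1
    feats = []
    for row in counts:
        total = sum(row)  # a state that is never left yields an all-zero row
        feats.extend(c / total if total else 0.0 for c in row)
    return feats

def forward(model, x):
    """One hidden sigmoid layer, one sigmoid output; last weight is the bias."""
    w1, w2 = model
    sig = lambda z: 1.0 / (1.0 + math.exp(-z))
    h = [sig(w[-1] + sum(a * b for a, b in zip(w, x))) for w in w1]
    return h, sig(w2[-1] + sum(a * b for a, b in zip(w2, h)))

def train_bpnn(xs, ys, hidden=4, epochs=1500, lr=0.5, seed=7):
    """Plain stochastic back-propagation on squared error (assumed settings)."""
    rng = random.Random(seed)
    w1 = [[rng.uniform(-0.5, 0.5) for _ in range(len(xs[0]) + 1)]
          for _ in range(hidden)]
    w2 = [rng.uniform(-0.5, 0.5) for _ in range(hidden + 1)]
    for _ in range(epochs):
        for x, t in zip(xs, ys):
            h, out = forward((w1, w2), x)
            d_out = (out - t) * out * (1 - out)          # output-layer delta
            d_hid = [d_out * w2[j] * h[j] * (1 - h[j]) for j in range(hidden)]
            for j in range(hidden):
                w2[j] -= lr * d_out * h[j]
                w1[j] = [w - lr * d_hid[j] * xi
                         for w, xi in zip(w1[j], x + [1.0])]
            w2[-1] -= lr * d_out
    return w1, w2

def malware_score(model, trace):
    """Network output for a trace: near 1 means malware-like transitions."""
    return forward(model, transition_features(trace))[1]

MODEL = train_bpnn([transition_features(t) for t in BENIGN + MALWARE], [0, 0, 1, 1])
```

Because the features are transition probabilities rather than fixed-length subsequences, no subsequence length has to be chosen; the input size depends only on the vocabulary.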
