SAMADroid: A Novel 3-Level Hybrid Malware Detection Model for Android Operating System

For the last few years, Android is known to be the most widely used operating system and this rapidly increasing popularity has attracted the malware developer’s attention. Android allows downloading and installation of apps from other unofficial market places. This gives malware developers an opportunity to put repackaged malicious applications in third-party app-stores and attack the Android devices. A large number of malware analysis and detection systems have been developed which uses static analysis, dynamic analysis, or hybrid analysis to keep Android devices secure from malware. However, the existing research clearly lags in detecting malware efficiently and accurately. For accurate malware detection, multilayer analysis is required which consumes large amount of hardware resources of resource constrained mobile devices. This research proposes an efficient and accurate solution to this problem, named SAMADroid, which is a novel 3-level hybrid malware detection model for Android operating systems. The research contribution includes multiple folds. First, many of the existing Android malware detection techniques are thoroughly investigated and categorized on the basis of their detection methods. Also, their benefits along with limitations are deduced. A novel 3-level hybrid malware detection model for Android operating systems is developed, that can provide high detection accuracy by combining the benefits of the three different levels: 1) Static and Dynamic Analysis; 2) Local and Remote Host; and 3) Machine Learning Intelligence. Experimental results show that SAMADroid achieves high malware detection accuracy by ensuring the efficiency in terms of power and storage consumption.

[1]  Shih-Hao Hung,et al.  DroidDolphin: a dynamic Android malware detection framework using big data and machine learning , 2014, RACS '14.

[2]  Yajin Zhou,et al.  Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[3]  Xuxian Jiang,et al.  DroidChameleon: evaluating Android anti-malware against transformation attacks , 2013, ASIA CCS '13.

[4]  Taghi M. Khoshgoftaar,et al.  Random forest: A reliable tool for patient response prediction , 2011, 2011 IEEE International Conference on Bioinformatics and Biomedicine Workshops (BIBMW).

[5]  Konrad Rieck,et al.  DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket , 2014, NDSS.

[6]  P. Danielsson Euclidean distance mapping , 1980 .

[7]  Sahin Albayrak,et al.  An Android Application Sandbox system for suspicious software detection , 2010, 2010 5th International Conference on Malicious and Unwanted Software.

[8]  Yajin Zhou,et al.  Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets , 2012, NDSS.

[9]  Xiaolei Wang,et al.  A Novel Hybrid Mobile Malware Detection System Integrating Anomaly Detection With Misuse Detection , 2015, MCS '15.

[10]  Cengiz Acartürk,et al.  The analysis of feature selection methods and classification algorithms in permission based Android malware detection , 2014, 2014 IEEE Symposium on Computational Intelligence in Cyber Security (CICS).

[11]  Kanubhai K. Patel,et al.  Detection and Mitigation of Android Malware Through Hybrid Approach , 2015, SSCC.

[12]  Ponciano Jorge Escamilla-Ambrosio,et al.  Towards a 2-hybrid Android malware detection test framework , 2016, 2016 International Conference on Electronics, Communications and Computers (CONIELECOMP).

[13]  F. Pampel Logistic Regression: A Primer , 2000 .

[14]  Zhenkai Liang,et al.  Monet: A User-Oriented Behavior-Based Malware Variants Detection System for Android , 2016, IEEE Transactions on Information Forensics and Security.

[15]  Abdullah Talha Kabakus,et al.  APK Auditor: Permission-based Android malware detection system , 2015, Digit. Investig..

[16]  Sheng-De Wang,et al.  Machine Learning Based Hybrid Behavior Models for Android Malware Analysis , 2015, 2015 IEEE International Conference on Software Quality, Reliability and Security.

[17]  Ali A. Ghorbani,et al.  DroidKin: Lightweight Detection of Android Apps Similarity , 2014, SecureComm.

[18]  Wei Xu,et al.  Improving one-class SVM for anomaly detection , 2003, Proceedings of the 2003 International Conference on Machine Learning and Cybernetics (IEEE Cat. No.03EX693).

[19]  Aziz Mohaisen,et al.  Andro-Dumpsys: Anti-malware system based on the similarity of malware creator and malware centric information , 2016, Comput. Secur..

[20]  Tong Zhang,et al.  An Introduction to Support Vector Machines and Other Kernel-Based Learning Methods , 2001, AI Mag..

[21]  Nello Cristianini,et al.  An Introduction to Support Vector Machines and Other Kernel-based Learning Methods , 2000 .

[22]  Gianluca Dini,et al.  MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention , 2018, IEEE Transactions on Dependable and Secure Computing.

[23]  Alan Agresti,et al.  Building and Applying Logistic Regression Models , 2003 .

[24]  László Kozma,et al.  k Nearest Neighbors algorithm (kNN) , 2008 .

[25]  P. V. Shijo,et al.  Integrated Static and Dynamic Analysis for Malware Detection , 2015 .

[26]  Xu Chen,et al.  A hybrid malware detecting scheme for mobile Android applications , 2016, 2016 IEEE International Conference on Consumer Electronics (ICCE).

[27]  Jules White,et al.  Applying machine learning classifiers to dynamic Android malware detection at scale , 2013, 2013 9th International Wireless Communications and Mobile Computing Conference (IWCMC).

[28]  Zhenlong Yuan,et al.  DroidDetector: Android Malware Characterization and Detection Using Deep Learning , 2016 .