Abstract
As the market share of Android mobile devices has grown, Android has come to dominate the smartphone operating system market, which also draws the attention of malware authors and researchers. The number of malicious Android applications is constantly increasing. However, because static detection is limited by code obfuscation and dynamic loading, research on Android malicious code detection needs to study dynamic detection in greater depth. In this paper, a new Android malware identification method is proposed. The method extracts features from Android system service call sequences using a co-occurrence matrix, then uses a machine-learning algorithm to classify the feature sequences and to verify whether they expose Android malware behaviors. An experiment using 750 malware samples and 1000 benign samples was designed to evaluate the method. The results show that this method has a high detection precision rate (97.1%) in the best case and a low false-positive rate (2.1%) in the worst case based on the system service call co-occurrence matrix.
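The following sketch illustrates the general idea of turning a service call trace into a co-occurrence matrix feature and classifying it. It is an added example, not code from the paper: the service-call vocabulary, the window size, the sample traces and the nearest-centroid classifier (standing in for the unspecified machine-learning algorithm) are all assumptions.

```python
from math import sqrt

# Constructed vocabulary of service-call tokens (placeholders, not the paper's list).
VOCAB = ["activity", "window", "location", "telephony", "sms", "connectivity"]
INDEX = {name: i for i, name in enumerate(VOCAB)}

def cooccurrence_matrix(trace, window=2):
    """Count ordered pairs (a, b) where call b follows call a within `window` calls."""
    n = len(VOCAB)
    m = [[0] * n for _ in range(n)]
    calls = [INDEX[c] for c in trace if c in INDEX]  # unknown tokens are dropped
    for i, a in enumerate(calls):
        for b in calls[i + 1 : i + 1 + window]:
            m[a][b] += 1
    return m

def feature_vector(trace, window=2):
    """Flatten the matrix row by row and L2-normalise so trace length cancels out."""
    flat = [v for row in cooccurrence_matrix(trace, window) for v in row]
    norm = sqrt(sum(v * v for v in flat))
    return [v / norm for v in flat] if norm else flat

def centroid(vectors):
    """Component-wise mean of a list of equal-length feature vectors."""
    return [sum(col) / len(vectors) for col in zip(*vectors)]

def classify(trace, centroids, window=2):
    """Assumed stand-in classifier: the label whose centroid has the largest dot product."""
    x = feature_vector(trace, window)
    return max(centroids,
               key=lambda label: sum(a * b for a, b in zip(x, centroids[label])))

# Constructed training traces, for illustration only.
BENIGN = [["activity", "window", "activity", "connectivity", "window"],
          ["window", "activity", "window", "location", "activity"]]
MALWARE = [["telephony", "sms", "connectivity", "telephony", "sms"],
           ["location", "telephony", "connectivity", "sms", "connectivity"]]
CENTROIDS = {"benign": centroid([feature_vector(t) for t in BENIGN]),
             "malware": centroid([feature_vector(t) for t in MALWARE])}

if __name__ == "__main__":
    print(classify(["telephony", "sms", "telephony", "connectivity"], CENTROIDS))
```

Because the matrix counts ordered pairs, it captures which calls tend to follow which, something a plain call-frequency histogram loses.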
Acknowledgements
The work is supported by the Foundation of Educational Commission of Tianjin, China (Grant No. 20130801), the General Project of Tianjin Municipal Science and Technology Commission (No.15JCYBJC15600), the Major Project of Tianjin Municipal Science and Technology Commission (No.15ZXDSGX00030), NSFC: the United Foundation of General Technology and Fundamental Research (No.U1536122).
Cite this article
Wang, C., Li, Z., Mo, X. et al. An android malware dynamic detection method based on service call co-occurrence matrices. Ann. Telecommun. 72, 607–615 (2017). https://doi.org/10.1007/s12243-017-0580-9
DOI: https://doi.org/10.1007/s12243-017-0580-9