DroidEnsemble: Detecting Android Malicious Applications With Ensemble of String and Structural Static Features

Android platform has dominated the operating system of mobile devices. However, the dramatic increase of Android malicious applications (malapps) has caused serious software failures to Android system and posed a great threat to users. The effective detection of Android malapps has thus become an em...

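Bibliographic Details
Main Authors: Wei Wang, Zhenzhen Gao, Meichen Zhao, Yidong Li, Jiqiang Liu, Xiangliang Zhang
Format: article
Language: EN
Published: IEEE 2018
Subjects: Android malicious application analysis; malware analysis; software failure reduction; static analysis; Electrical engineering. Electronics. Nuclear engineering; TK1-9971
Online Access: https://doaj.org/article/a28bca942e4a4fd98a176668511fcf0f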
id oai:doaj.org-article:a28bca942e4a4fd98a176668511fcf0f
record_format dspace
spelling oai:doaj.org-article:a28bca942e4a4fd98a176668511fcf0f
2021-11-19T00:02:04Z
2169-3536
10.1109/ACCESS.2018.2835654
https://doaj.org/article/a28bca942e4a4fd98a176668511fcf0f
2018-01-01T00:00:00Z
https://ieeexplore.ieee.org/document/8357771/
https://doaj.org/toc/2169-3536
IEEE Access, Vol 6, Pp 31798-31807 (2018)
institution DOAJ
collection DOAJ
language EN
topic Android malicious application analysis
malware analysis
software failure reduction
static analysis
Electrical engineering. Electronics. Nuclear engineering
TK1-9971
description Android platform has dominated the operating system of mobile devices. However, the dramatic increase of Android malicious applications (malapps) has caused serious software failures to Android system and posed a great threat to users. The effective detection of Android malapps has thus become an emerging yet crucial issue. Characterizing the behaviors of Android applications (apps) is essential to detecting malapps. Most existing works on detecting Android malapps were mainly based on string static features, such as permissions and API usage extracted from apps. There also exists work on the detection of Android malapps with structural features, such as control flow graph and data flow graph. As Android malapps have become increasingly polymorphic and sophisticated, using only one type of static features may result in false negatives. In this paper, we propose DroidEnsemble that takes advantages of both string features and structural features to systematically and comprehensively characterize the static behaviors of Android apps and thus build a more accurate detection model for the detection of Android malapps. We extract each app’s string features, including permissions, hardware features, filter intents, restricted API calls, used permissions, code patterns, as well as structural features like function call graph. We then use three machine learning algorithms, namely, support vector machine, k-nearest neighbor, and random forest, to evaluate the performance of these two types of features and of their ensemble. In the experiments, we evaluate our methods and models with 1386 benign apps and 1296 malapps. Extensive experimental results demonstrate the effectiveness of DroidEnsemble. It achieves the detection accuracy as 95.8% with only string features and as 90.68% with only structural features. DroidEnsemble reaches the detection accuracy as 98.4% with the ensemble of both types of features, reducing 9 false positives and 12 false negatives compared to the results with only string features.
format article
author Wei Wang
Zhenzhen Gao
Meichen Zhao
Yidong Li
Jiqiang Liu
Xiangliang Zhang
title DroidEnsemble: Detecting Android Malicious Applications With Ensemble of String and Structural Static Features
publisher IEEE
publishDate 2018
url https://doaj.org/article/a28bca942e4a4fd98a176668511fcf0f