JOURNAL OF SHANDONG UNIVERSITY (ENGINEERING SCIENCE) ›› 2017, Vol. 47 ›› Issue (1): 42-47. doi: 10.6040/j.issn.1672-3961.1.2016.150

Android malware detection based on SVM

ZHANG Yuling, YIN Chuanhuan*   

  1. School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
  • Received: 2016-03-31 Online: 2017-02-20 Published: 2016-03-31

Abstract: To detect malware effectively and reduce the threat that malicious software poses to Android platform security, two strategies, probability statistics embedding and feature extraction, were proposed based on an analysis of existing data sets. These strategies were used to transform high-dimensional data into low-dimensional data, reducing both the dimension and the uncertainty of the extracted features. A support vector machine was used to classify these data. With these strategies, the time complexity of the training process was reduced to 16.7 percent of the original time, and the ability to detect unknown malware families was clearly improved. Moreover, these strategies were used with some popular classification algorithms, and the experimental results revealed that these strategies could achieve a better detection rate.

Key words: Android malware, SVM, probability statistics, feature extraction, dimensionality reduction

CLC Number: TP391