Abstract
This paper presents a static feature extraction framework for Android malware analysis. The techniques are implemented by extracting prominent features from the components of the Android application package, i.e. AndroidManifest.xml files. Five different types of features, namely permissions, count of permissions, hardware features, software features and API calls, are mined from 1175 .apk files for the investigation. The objective of this work is to evaluate whether independent features are effective in comparison to ensemble features. Feature reduction is performed to investigate the impact of varied feature length on classification accuracy. Feature selection techniques such as Bi–Normal Separation, Mutual Information, Relevancy score, Kolmogorov dependence and Kullback-Leibler are applied to choose the significant attributes. The proposed method, using dimensionality reduction and machine learning algorithms, produces an overall classification accuracy of 93.02% with ensemble features. Comparing the empirical results of ensemble features with individual features, the former improved the classification accuracy with Bi–Normal Separation.
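As an added illustration (not code from the paper), the sketch below scores manifest permissions with Bi–Normal Separation as commonly defined, |F⁻¹(tpr) − F⁻¹(fpr)| with F⁻¹ the inverse standard normal CDF, then keeps the top-k features. The sample permission sets, the function names and the 0.0005 clipping bound are assumptions made for this example.

```python
from statistics import NormalDist

# Constructed sample: permission sets as they would be read from each app's
# AndroidManifest.xml. Labels and contents are invented for illustration.
MALWARE = [
    {"SEND_SMS", "READ_CONTACTS", "INTERNET"},
    {"SEND_SMS", "INTERNET", "RECEIVE_BOOT_COMPLETED"},
    {"SEND_SMS", "READ_PHONE_STATE", "INTERNET"},
    {"READ_CONTACTS", "INTERNET"},
]
BENIGN = [
    {"INTERNET", "CAMERA"},
    {"INTERNET"},
    {"INTERNET", "READ_CONTACTS"},
    {"CAMERA", "VIBRATE"},
]

_INV = NormalDist().inv_cdf
_EPS = 0.0005  # assumed bound: keeps rates off 0 and 1, where F^-1 is undefined


def _clip(rate):
    return min(max(rate, _EPS), 1.0 - _EPS)


def bns_scores(malware, benign):
    """Return {feature: |F^-1(tpr) - F^-1(fpr)|} for every observed feature."""
    features = set().union(*malware, *benign)
    scores = {}
    for f in features:
        tpr = sum(f in app for app in malware) / len(malware)  # share of malware using f
        fpr = sum(f in app for app in benign) / len(benign)    # share of benign using f
        scores[f] = abs(_INV(_clip(tpr)) - _INV(_clip(fpr)))
    return scores


def top_k(scores, k):
    """Feature reduction: keep the k highest-scoring features (ties by name)."""
    return sorted(scores, key=lambda f: (-scores[f], f))[:k]


def to_vector(app, selected):
    """Binary feature vector for one app over the reduced feature list."""
    return [int(f in app) for f in selected]


if __name__ == "__main__":
    s = bns_scores(MALWARE, BENIGN)
    for f in top_k(s, 3):
        print(f"{f:24s} {s[f]:.3f}")
```

On a sample this small the clipping bound dominates the scores; on a real corpus the ranking reflects how differently a permission is distributed across the two classes.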
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Aswini, A.M., Vinod, P. (2014). Android Malware Analysis Using Ensemble Features. In: Chakraborty, R.S., Matyas, V., Schaumont, P. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2014. Lecture Notes in Computer Science, vol 8804. Springer, Cham. https://doi.org/10.1007/978-3-319-12060-7_20
DOI: https://doi.org/10.1007/978-3-319-12060-7_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12059-1
Online ISBN: 978-3-319-12060-7
eBook Packages: Computer Science (R0)