Abstract
In recent years, with the increasing demand for mobile Internet, smartphones represented by the Android system begin to play an increasingly important role in people’s daily life. Due to the payment and social functions of smartphones, users’ property safety and personal privacy are increasingly threatened by malicious mobile apps. Lured by great interests, malicious applications began to spread in the mobile platform, malicious code is escalating, Android-side security is facing great threats. Therefore, it is very important to study the detection of malicious code in Android. This paper studies and analyzes the status of Android malicious code detection. On the basis of dynamic detection, this paper presents a dynamic detection algorithm of multi-feature IGK. The algorithm optimizes feature selection and Gaussian kernel function and applies the improved algorithm to multi-feature training to improve the detection accuracy of malicious code. We track application system calls and system service calls while the system is running, extract features from system call sequences and system service calls. Then we use the improved weighted information gain method to select the features. Finally, in view of the deficiencies of the traditional Gaussian kernel function in recognition rate and processing time, an improved Gaussian kernel function is proposed for machine learning. We evaluated our approach with 800 benign applications and 1200 malicious applications. The experimental results show that by the above two improvements, the highest detection rate is 97.5%, better than the existing methods.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., Fratantonio, Y., Van Der Veen, V., Platzer, C.: Andrubis-1 000000 apps later: a view on current Android malware behaviors. In: Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS) (2014)
DroidBox: Android application sandbox (2011). https://code.google.com/
Enck, W., Gilbert, P., Chun, B., Cox, L., Jung, J., McDaniel, P., Sheth, A.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, pp. 1–6. USENIX Association (2010)
Steven, A., Siegfried, R., Christian, F., Eric, B.: Flow-droid: precise context flow field object-sensitive and lifecycle-aware taint analysis for Android apps. In: Proceedings of the 35th International Conference on Security (2014)
Aafer, Y., Du, W., Yin, H.: DroidAPIMiner: mining API-level features for robust malware detection in Android. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds.) Security and Privacy in Communication Networks. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 127, pp. 86–103. Springer, Cham (2013)
Wu, D.J., Mao, C.H., Wei, T.E., Lee, H.M., Wu, K.P.: DroidMat: Android malware detection through manifest and API calls tracing. In: 2012 Seventh Asia Joint Conference on Information Security (Asia JCIS), Tokyo, pp. 62–69. IEEE (2012)
Schmidt, A.-D., et al.: Detecting Symbian OS malware through static function call analysis. In: 2009 4th International Conference on Malicious and Unwanted Software (MAL-WARE). IEEE (2009)
Liu, J., Wu, H., Wang, H.: A detection method for malicious codes in Android apps. In: 10th International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM 2014), Beijing, vol. 8, no. 2, pp. 514–519 (2014)
Jeong, J., Seo, D., Milburn, J.: MysteryChecker: unpredictable attestation to detect repackaged malicious applications in Android. In: 2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE), Fajardo, PR, vol. 10, no. 3, pp. 50–57 (2014)
Afonso, V.M., Amorim, M.F.D., Grégio, A.R.A., et al.: Identifying Android malware using dynamically obtained features. J. Comput. Virol. Hacking Tech. 11(1), 9–17 (2015)
Lin, Y.D., Lai, Y.C., Chen, C.H., et al.: Identifying Android malicious repackaged applications by thread-grained system call sequences. Comput. Secur. 39(39), 340–350 (2013)
Wang, W., Wang, X., Feng, D., et al.: Exploring permission-induced risk in Android applications for malicious application detection. IEEE Trans. Inf. Forensics Secur. 9(11), 1869–1882 (2014)
Xiao, X., Xiao, X., Jiang, Y., et al.: Identifying Android malware with system call co-occurrence matrices. Trans. Emerg. Telecommun. Technol. 27(5), 675–684 (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Yu, Q., Luo, X., Wang, Z. (2020). Dynamic Detection of Malicious Code on Android Based on Improved Multi-feature Gaussian Kernel. In: Liu, Y., Wang, L., Zhao, L., Yu, Z. (eds) Advances in Natural Computation, Fuzzy Systems and Knowledge Discovery. ICNC-FSKD 2019. Advances in Intelligent Systems and Computing, vol 1075. Springer, Cham. https://doi.org/10.1007/978-3-030-32591-6_24
Download citation
DOI: https://doi.org/10.1007/978-3-030-32591-6_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-32590-9
Online ISBN: 978-3-030-32591-6
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)