
Keep Calm and Know Where to Focus: Measuring and Predicting the Impact of Android Malware

  • Conference paper
Advanced Data Mining and Applications (ADMA 2018)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 11323)


Abstract

Android malware can pose a serious security threat to mobile users. With the rapid growth in malware programs, categorical isolation of malware is no longer satisfactory for security risk management. It is more pragmatic to focus limited resources on identifying the small fraction of malware programs with high security impact. In this paper, we define a new research issue: measuring and predicting the impact of detected Android malware. To address this issue, we first propose two metrics to separate high impact Android malware programs from low impact ones. With the proposed metrics, we created a new research dataset that includes high impact and low impact Android malware samples. The dataset allows us to empirically discover the driving factors behind high malware impact. To characterize the differences between high impact and low impact Android malware, we leverage features from two sources available in every Android application: (1) the readily available AndroidManifest.xml file and (2) the disassembled code from the compiled binary. From these characteristics, we trained a highly accurate classifier to identify high impact Android malware. The experimental results show that our proposed method is feasible and has great potential for predicting the impact of Android malware in general.




Corresponding author

Correspondence to Junyang Qiu.

Copyright information

© 2018 Springer Nature Switzerland AG

Cite this paper

Qiu, J., Luo, W., Nepal, S., Zhang, J., Xiang, Y., Pan, L. (2018). Keep Calm and Know Where to Focus: Measuring and Predicting the Impact of Android Malware. In: Gan, G., Li, B., Li, X., Wang, S. (eds) Advanced Data Mining and Applications. ADMA 2018. Lecture Notes in Computer Science, vol 11323. Springer, Cham. https://doi.org/10.1007/978-3-030-05090-0_21


  • DOI: https://doi.org/10.1007/978-3-030-05090-0_21


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05089-4

  • Online ISBN: 978-3-030-05090-0

  • eBook Packages: Computer Science, Computer Science (R0)
