research-article

StormDroid: A Streaminglized Machine Learning-Based System for Detecting Android Malware

Authors:

Haojin ZhuAuthors Info & Claims

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security

Pages 377 - 388

https://doi.org/10.1145/2897845.2897860

Published: 30 May 2016 Publication History

Abstract

Mobile devices are especially vulnerable nowadays to malware attacks, thanks to the current trend of increased app downloads. Despite the significant security and privacy concerns it received, effective malware detection (MD) remains a significant challenge. This paper tackles this challenge by introducing a streaminglized machine learning-based MD framework, StormDroid: (i) The core of StormDroid is based on machine learning, enhanced with a novel combination of contributed features that we observed over a fairly large collection of data set; and (ii) we streaminglize the whole MD process to support large-scale analysis, yielding an efficient and scalable MD technique that observes app behaviors statically and dynamically. Evaluated on roughly 8,000 applications, our combination of contributed features improves MD accuracy by almost 10% compared with state-of-the-art antivirus systems; in parallel our streaminglized process, StormDroid, further improves efficiency rate by approximately three times than a single thread.

References

[1]

Y. Aafer, W. Du, and H. Yin. Droidapiminer: Mining api-level features for robust malware detection in android. In Security and Privacy in Communication Networks, pages 86--103. Springer, 2013.

[2]

K. Allix, T. F. Bissyandé, Q. Jérome, J. Klein, Y. Le Traon, et al. Large-scale machine learning-based malware detection: confronting the 10-fold cross validation scheme with reality. In Proceedings of the 4th ACM conference on Data and application security and privacy, pages 163--166. ACM, 2014.

Digital Library

[3]

S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel. Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In ACM SIGPLAN Notices, volume 49, pages 259--269. ACM, 2014.

Digital Library

[4]

D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji. A methodology for empirical analysis of permission-based security models and its application to android. In Proceedings of the 17th ACM conference on Computer and communications security, pages 73--84. ACM, 2010.

Digital Library

[5]

A. R. Beresford, A. Rice, N. Skehin, and R. Sohan. Mockdroid: trading privacy for application functionality on smartphones. In Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, pages 49--54. ACM, 2011.

Digital Library

[6]

I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani. Crowdroid: behavior-based malware detection system for android. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, pages 15--26. ACM, 2011.

Digital Library

[7]

L. Cavallaro, P. Saxena, and R. Sekar. On the limits of information flow techniques for malware analysis and containment. In Detection of Intrusions and Malware, and Vulnerability Assessment, pages 143--163. Springer, 2008.

Digital Library

[8]

S. Chakradeo, B. Reaves, P. Traynor, and W. Enck. Mast: triage for market-scale mobile malware analysis. In Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks, pages 13--24. ACM, 2013.

Digital Library

[9]

K. Chen, P. Wang, Y. Lee, X. Wang, N. Zhang, H. Huang, W. Zou, and P. Liu. Finding unknown malice in 10 seconds: Mass vetting for new threats at the google-play scale. In USENIX Security, volume 15, 2015.

Digital Library

[10]

G. Dini, F. Martinelli, A. Saracino, and D. Sgandurra. Madam: A multi-level anomaly detector for android malware. In MMM-ACNS, volume 12, pages 240--253. Springer, 2012.

Digital Library

[11]

M. Egele, T. Scholte, E. Kirda, and C. Kruegel. A survey on automated dynamic malware-analysis techniques and tools. ACM Computing Surveys (CSUR), 44(2):6, 2012.

Digital Library

[12]

K. O. Elish, D. D. Yao, B. G. Ryder, and X. Jiang. A static assurance analysis of android applications. 2013.

[13]

W. Enck, P. Gilbert, S. Han, V. Tendulkar, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS), 32(2):5, 2014.

Digital Library

[14]

Y. Feng, S. Anand, I. Dillig, and A. Aiken. Apposcopy: Semantics-based detection of android malware through static analysis. In Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, pages 576--587. ACM, 2014.

Digital Library

[15]

H. Gascon, F. Yamaguchi, D. Arp, and K. Rieck. Structural detection of android malware using embedded call graphs. In Proceedings of the 2013 ACM workshop on Artificial intelligence and security, pages 45--54. ACM, 2013.

Digital Library

[16]

M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang. Riskranker: scalable and accurate zero-day android malware detection. In Proceedings of the 10th international conference on Mobile systems, applications, and services, pages 281--294. ACM, 2012.

Digital Library

[17]

M. C. Grace, Y. Zhou, Z. Wang, and X. Jiang. Systematic detection of capability leaks in stock android smartphones. In NDSS, 2012.

[18]

K. Griffin, S. Schneider, X. Hu, and T.-C. Chiueh. Automatic generation of string signatures for malware detection. In Recent Advances in Intrusion Detection, pages 101--120. Springer, 2009.

Digital Library

[19]

P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall. These aren't the droids you're looking for: retrofitting android to protect data from imperious applications. In Proceedings of the 18th ACM conference on Computer and communications security, pages 639--652. ACM, 2011.

Digital Library

[20]

H. Kim, J. Smith, and K. G. Shin. Detecting energy-greedy anomalies and mobile malware variants. In Proceedings of the 6th international conference on Mobile systems, applications, and services, pages 239--252. ACM, 2008.

Digital Library

[21]

L. Lu, Z. Li, Z. Wu, W. Lee, and G. Jiang. Chex: statically vetting android apps for component hijacking vulnerabilities. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 229--240. ACM, 2012.

Digital Library

[22]

A. Moser, C. Kruegel, and E. Kirda. Limits of static analysis for malware detection. In Computer security applications conference, 2007. ACSAC 2007. Twenty-third annual, pages 421--430. IEEE, 2007.

[23]

M. Nauman, S. Khan, and X. Zhang. Apex: extending android permission model and enforcement with user-defined runtime constraints. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pages 328--332. ACM, 2010.

Digital Library

[24]

N. Peiravian and X. Zhu. Machine learning for android malware detection using permission and api calls. In Tools with Artificial Intelligence (ICTAI), 2013 IEEE 25th International Conference on, pages 300--305. IEEE, 2013.

Digital Library

[25]

H. Peng, C. Gates, B. Sarma, N. Li, Y. Qi, R. Potharaju, C. Nita-Rotaru, and I. Molloy. Using probabilistic generative models for ranking risks of android apps. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 241--252. ACM, 2012.

Digital Library

[26]

R. Perdisci, D. Dagon, W. Lee, P. Fogla, and M. Sharif. Misleading worm signature generators using deliberate noise injection. In Security and Privacy, 2006 IEEE Symposium on, pages 15--pp. IEEE, 2006.

Digital Library

[27]

S. Rasthofer, S. Arzt, and E. Bodden. A machine-learning approach for classifying and categorizing android sources and sinks. In 2014 Network and Distributed System Security Symposium (NDSS), 2014.

[28]

V. Rastogi, Y. Chen, and W. Enck. Appsplayground: automatic security analysis of smartphone applications. In Proceedings of the third ACM conference on Data and application security and privacy, pages 209--220. ACM, 2013.

Digital Library

[29]

V. Rastogi, Y. Chen, and X. Jiang. Droidchameleon: evaluating android anti-malware against transformation attacks. In Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security, pages 329--334. ACM, 2013.

Digital Library

[30]

S. Rosen, Z. Qian, and Z. M. Mao. Appprofiler: a flexible method of exposing privacy-related behavior in android applications to end users. In Proceedings of the third ACM conference on Data and application security and privacy, pages 221--232. ACM, 2013.

Digital Library

[31]

B. P. Sarma, N. Li, C. Gates, R. Potharaju, C. Nita-Rotaru, and I. Molloy. Android permissions: a perspective combining risks and benefits. In Proceedings of the 17th ACM symposium on Access Control Models and Technologies, pages 13--22. ACM, 2012.

Digital Library

[32]

A.-D. Schmidt, R. Bye, H.-G. Schmidt, J. Clausen, O. Kiraz, K. Yüksel, S. Camtepe, S. Albayrak, et al. Static analysis of executables for collaborative malware detection on android. In Communications, 2009. ICC'09. IEEE International Conference on, pages 1--5. IEEE, 2009.

Digital Library

[33]

A. Shabtai, U. Kanonov, Y. Elovici, C. Glezer, and Y. Weiss. Andromaly: a behavioral malware detection framework for android devices. Journal of Intelligent Information Systems, 38(1):161--190, 2012.

Digital Library

[34]

G. Tahan, L. Rokach, and Y. Shahar. Mal-id: Automatic malware detection using common segment analysis and meta-features. The Journal of Machine Learning Research, 13(1):949--979, 2012.

Digital Library

[35]

C. Wu, Y. Zhou, K. Patel, Z. Liang, and X. Jiang. Airbag: Boosting smartphone resistance to malware infection. In Proceedings of the Network and Distributed System Security Symposium, 2014.

[36]

D.-J. Wu, C.-H. Mao, T.-E. Wei, H.-M. Lee, and K.-P. Wu. Droidmat: Android malware detection through manifest and api calls tracing. In Information Security (Asia JCIS), 2012 Seventh Asia Joint Conference on, pages 62--69. IEEE, 2012.

Digital Library

[37]

L.-K. Yan and H. Yin. Droidscope: Seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis. In USENIX security symposium, pages 569--584, 2012.

Digital Library

[38]

Z. Yuan, Y. Lu, Z. Wang, and Y. Xue. Droid-sec: deep learning in android malware detection. In Proceedings of the 2014 ACM conference on SIGCOMM, pages 371--372. ACM, 2014.

Digital Library

[39]

W. Zhou, Y. Zhou, M. Grace, X. Jiang, and S. Zou. Fast, scalable detection of piggybacked mobile applications. In Proceedings of the third ACM conference on Data and application security and privacy, pages 185--196. ACM, 2013.

Digital Library

[40]

Y. Zhou and X. Jiang. Dissecting android malware: Characterization and evolution. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 95--109. IEEE, 2012.

Digital Library

[41]

Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In NDSS, 2012.

[42]

Y. Zhou, X. Zhang, X. Jiang, and V. W. Freeh. Taming information-stealing smartphone applications (on android). In Trust and Trustworthy Computing, pages 93--107. Springer, 2011.

Digital Library

Cited By

M BSathyalakshmi (2024)Enhanced Gradient Boosting Technique to Detect the Malware in API2024 International Conference on Advances in Data Engineering and Intelligent Computing Systems (ADICS)10.1109/ADICS58448.2024.10533534(01-06)Online publication date: 18-Apr-2024
https://doi.org/10.1109/ADICS58448.2024.10533534
Yunmar RKusumawardani SWidyawan Mohsen F(2024)Hybrid Android Malware Detection: A Review of Heuristic-Based ApproachIEEE Access10.1109/ACCESS.2024.337765812(41255-41286)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3377658
Mahindru AArora HKumar AGupta SMahajan SKadry SKim J(2024)PermDroid a framework developed using proposed feature selection approach and machine learning techniques for Android malware detectionScientific Reports10.1038/s41598-024-60982-y14:1Online publication date: 10-May-2024
https://doi.org/10.1038/s41598-024-60982-y
Show More Cited By

Index Terms

StormDroid: A Streaminglized Machine Learning-Based System for Detecting Android Malware
1. Computing methodologies
  1. Machine learning
    1. Learning paradigms
      1. Supervised learning
        Supervised learning by classification
2. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Malware and its mitigation
  2. Systems security
    1. Operating systems security
      1. Mobile platform security

Recommendations

Malware detection using adaptive data compression
AISec '08: Proceedings of the 1st ACM workshop on Workshop on AISec

A popular approach in current commercial anti-malware software detects malicious programs by searching in the code of programs for scan strings that are byte sequences indicative of malicious code. The scan strings, also known as the signatures of ...
Idea: opcode-sequence-based malware detection
ESSoS'10: Proceedings of the Second international conference on Engineering Secure Software and Systems

Malware is every malicious code that has the potential to harm any computer or network. The amount of malware is increasing faster every year and poses a serious security threat. Hence, malware detection has become a critical topic in computer security. ...
Opcode sequences as representation of executables for data-mining-based unknown malware detection

Malware can be defined as any type of malicious code that has the potential to harm a computer or network. The volume of malware is growing faster every year and poses a serious global security threat. Consequently, malware detection has become a ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security

May 2016

958 pages

ISBN:9781450342339

DOI:10.1145/2897845

General Chair:
Xiaofeng Chen
Xidian University, China
,
Program Chairs:
XiaoFeng Wang
Indiana University at Bloomington, USA
,
Xinyi Huang
Fujian Normal University, China

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 May 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

ASIA CCS '16

Sponsor:

SIGSAC

ASIA CCS '16: ACM Asia Conference on Computer and Communications Security

May 30 - June 3, 2016

Xi'an, China

Acceptance Rates

ASIA CCS '16 Paper Acceptance Rate 73 of 350 submissions, 21%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

115
Total Citations
View Citations
1,293
Total Downloads

Downloads (Last 12 months)49
Downloads (Last 6 weeks)5

Reflects downloads up to 07 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

M BSathyalakshmi (2024)Enhanced Gradient Boosting Technique to Detect the Malware in API2024 International Conference on Advances in Data Engineering and Intelligent Computing Systems (ADICS)10.1109/ADICS58448.2024.10533534(01-06)Online publication date: 18-Apr-2024
https://doi.org/10.1109/ADICS58448.2024.10533534
Yunmar RKusumawardani SWidyawan Mohsen F(2024)Hybrid Android Malware Detection: A Review of Heuristic-Based ApproachIEEE Access10.1109/ACCESS.2024.337765812(41255-41286)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3377658
Mahindru AArora HKumar AGupta SMahajan SKadry SKim J(2024)PermDroid a framework developed using proposed feature selection approach and machine learning techniques for Android malware detectionScientific Reports10.1038/s41598-024-60982-y14:1Online publication date: 10-May-2024
https://doi.org/10.1038/s41598-024-60982-y
K.A. AP. VK.A. RRaveendran NConti M(2024)Android malware defense through a hybrid multi-modal approachJournal of Network and Computer Applications10.1016/j.jnca.2024.104035(104035)Online publication date: Sep-2024
https://doi.org/10.1016/j.jnca.2024.104035
Song JChoi SKim JPark KPark CKim JKim I(2024)A study of the relationship of malware detection mechanisms using Artificial IntelligenceICT Express10.1016/j.icte.2024.03.00510:3(632-649)Online publication date: Jun-2024
https://doi.org/10.1016/j.icte.2024.03.005
Haidros Rahima Manzil HManohar Naik S(2024)Detection approaches for android malware: Taxonomy and review analysisExpert Systems with Applications10.1016/j.eswa.2023.122255238(122255)Online publication date: Mar-2024
https://doi.org/10.1016/j.eswa.2023.122255
Chen SLang BLiu HChen YSong Y(2024)Android malware detection method based on graph attention networks and deep fusion of multimodal featuresExpert Systems with Applications: An International Journal10.1016/j.eswa.2023.121617237:PCOnline publication date: 1-Mar-2024
https://dl.acm.org/doi/10.1016/j.eswa.2023.121617
Singh NTripathy S(2024)It's too late if exfiltrate: Early stage Android ransomware detectionComputers & Security10.1016/j.cose.2024.103819(103819)Online publication date: Mar-2024
https://doi.org/10.1016/j.cose.2024.103819
Sharma YArora A(2024)A comprehensive review on permissions-based Android malware detectionInternational Journal of Information Security10.1007/s10207-024-00822-223:3(1877-1912)Online publication date: 4-Mar-2024
https://doi.org/10.1007/s10207-024-00822-2
Ndukwe CHomayounvala EKazemian HAraujo I(2024)Comparative Analysis of Malware Detection Response Times Across Android Versions: An Emphasis on the “Hoverwatch” ApplicationInnovative Computing and Communications10.1007/978-981-97-4152-6_8(97-116)Online publication date: 15-Oct-2024
https://doi.org/10.1007/978-981-97-4152-6_8
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents