ABSTRACT
With the explosive growth of Android malware and the severity of the damage it causes to smartphone users, the detection of Android malware has become increasingly important in cybersecurity. The increasing sophistication of Android malware calls for new defensive techniques that are effective against novel threats and harder to evade. In this paper, to detect Android malware, instead of using Application Programming Interface (API) calls only, we further analyze the different relationships between them and build higher-level semantics that require more effort for attackers to evade detection. We represent the Android applications (apps), related APIs, and their rich relationships as a structured heterogeneous information network (HIN). Then we use a meta-path based approach to characterize the semantic relatedness of apps and APIs. We use each meta-path to formulate a similarity measure over Android apps, and aggregate the different similarities using multi-kernel learning. Each meta-path is then automatically weighted by the learning algorithm to make predictions. To the best of our knowledge, this is the first work to use a structured HIN for Android malware detection. Comprehensive experiments on real sample collections from Comodo Cloud Security Center are conducted to compare various malware detection approaches. Promising experimental results demonstrate that our system, HinDroid, outperforms alternative Android malware detection techniques.
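The meta-path similarities and their weighted aggregation described in the abstract, as an added example that is not code from the paper or from HinDroid: each meta-path becomes an app-to-app similarity matrix through a commuting-matrix product (a standard HIN construction, assumed here), and the per-path weights come from kernel-target alignment, a simple stand-in for multi-kernel learning. The app/API data, the `API_REL` relation and all function names are constructed for illustration.

```python
import math

def matmul(X, Y):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*Y)] for row in X]

def transpose(X):
    return [list(col) for col in zip(*X)]

# Constructed sample: rows are apps, columns are APIs 0..5; 1 = app calls the API.
APP_API = [[1, 0, 0, 0, 0, 1],   # app0, malicious
           [0, 1, 0, 0, 0, 1],   # app1, malicious
           [0, 0, 0, 1, 0, 1],   # app2, benign
           [0, 0, 0, 0, 1, 1]]   # app3, benign
LABELS = [1, 1, -1, -1]
# Hypothetical API-API relation: APIs 0-2 are related, APIs 3-4 are related.
API_REL = [[1, 1, 1, 0, 0, 0], [1, 1, 1, 0, 0, 0], [1, 1, 1, 0, 0, 0],
           [0, 0, 0, 1, 1, 0], [0, 0, 0, 1, 1, 0], [0, 0, 0, 0, 0, 1]]

def metapath_kernels(rows, train):
    """One similarity matrix (rows x training apps) per meta-path."""
    t = transpose(train)
    return [matmul(rows, t),                   # app -> API -> app
            matmul(matmul(rows, API_REL), t)]  # app -> API -> API -> app

def alignment(K, y):
    """Kernel-target alignment: how well K agrees with the label matrix y*y^T."""
    n = len(y)
    num = sum(K[i][j] * y[i] * y[j] for i in range(n) for j in range(n))
    norm = math.sqrt(sum(v * v for row in K for v in row))
    return num / (norm * n)  # the Frobenius norm of y*y^T is n for +/-1 labels

def learn_weights(train, y):
    scores = [max(alignment(K, y), 0.0) for K in metapath_kernels(train, train)]
    total = sum(scores) or 1.0  # avoid dividing by zero if no path is informative
    return [s / total for s in scores]

def score(app, train, y, weights):
    """Positive: closer to the malicious training apps; negative: closer to benign."""
    rows = [K[0] for K in metapath_kernels([app], train)]
    combined = [sum(w * r[j] for w, r in zip(weights, rows)) for j in range(len(y))]
    pos = [c for c, label in zip(combined, y) if label == 1]
    neg = [c for c, label in zip(combined, y) if label == -1]
    return sum(pos) / len(pos) - sum(neg) / len(neg)

WEIGHTS = learn_weights(APP_API, LABELS)
# New app calls API 2 (called by no training app) plus the common API 5.
NEW_APP = [0, 0, 1, 0, 0, 1]

if __name__ == "__main__":
    print("meta-path weights:", WEIGHTS)
    print("API-overlap path only:", score(NEW_APP, APP_API, LABELS, [1.0, 0.0]))
    print("weighted meta-paths:", score(NEW_APP, APP_API, LABELS, WEIGHTS))
```

With direct API overlap alone the new app is equally similar to both classes; the path through the API-API relation is what separates it, which is the evasion-resistance argument the abstract makes.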
Index Terms
- HinDroid: An Intelligent Android Malware Detection System Based on Structured Heterogeneous Information Network