dc.contributor.author: Wang, Wei
dc.contributor.author: Gao, Zhenzhen
dc.contributor.author: Zhao, Meichen
dc.contributor.author: Li, Yidong
dc.contributor.author: Liu, Jiqiang
dc.contributor.author: Zhang, Xiangliang
dc.date.accessioned: 2018-05-22T09:46:12Z
dc.date.available: 2018-05-22T09:46:12Z
dc.date.issued: 2018-05-11
dc.identifier.citation: Wang W, Gao Z, Zhao M, Li Y, Liu J, et al. (2018) DroidEnsemble: Detecting Android Malicious Applications with Ensemble of String and Structural Static Features. IEEE Access: 1–1. Available: http://dx.doi.org/10.1109/ACCESS.2018.2835654.
dc.identifier.issn: 2169-3536
dc.identifier.doi: 10.1109/ACCESS.2018.2835654
dc.identifier.uri: http://hdl.handle.net/10754/627931
dc.description.abstract: Android platform has dominated the Operating System of mobile devices. However, the dramatic increase of Android malicious applications (malapps) has caused serious software failures to Android system and posed a great threat to users. The effective detection of Android malapps has thus become an emerging yet crucial issue. Characterizing the behaviors of Android applications (apps) is essential to detecting malapps. Most existing work on detecting Android malapps was mainly based on string static features such as permissions and API usage extracted from apps. There also exists work on the detection of Android malapps with structural features, such as Control Flow Graph (CFG) and Data Flow Graph (DFG). As Android malapps have become increasingly polymorphic and sophisticated, using only one type of static features may result in false negatives. In this work, we propose DroidEnsemble that takes advantage of both string features and structural features to systematically and comprehensively characterize the static behaviors of Android apps and thus build a more accurate detection model for the detection of Android malapps. We extract each app’s string features, including permissions, hardware features, filter intents, restricted API calls, used permissions, code patterns, as well as structural features like function call graph. We then use three machine learning algorithms, namely, Support Vector Machine (SVM), k-Nearest Neighbor (kNN) and Random Forest (RF), to evaluate the performance of these two types of features and of their ensemble. In the experiments, we evaluate our methods and models with 1386 benign apps and 1296 malapps. Extensive experimental results demonstrate the effectiveness of DroidEnsemble. It achieves the detection accuracy as 95.8% with only string features and as 90.68% with only structural features. DroidEnsemble reaches the detection accuracy as 98.4% with the ensemble of both types of features, reducing 9 false positives and 12 false negatives compared to the results with only string features.
dc.description.sponsorship: The work reported in this paper is supported in part by National Key R&D Program of China, under grant 2017YFB0802805, in part by Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, under Grant AGK2015002, in part by ZTE Corporation Foundation, under Grant K17L00190, in part by Funds of Science and Technology on Electronic Information Control Laboratory, under Grant K16GY00040, in part by the Fundamental Research funds for the central Universities of China, under grant K17JB00060 and K17JB00020, and in part by Natural Science Foundation of China, under Grant U1736114 and 61672092.
dc.publisher: Institute of Electrical and Electronics Engineers (IEEE)
dc.relation.url: https://ieeexplore.ieee.org/document/8357771
dc.rights: (c) 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. Released under the IEEE Open Access Publishing Agreement.
dc.subject: Android malicious application analysis
dc.subject: Androids
dc.subject: Feature extraction
dc.subject: Flow graphs
dc.subject: Hardware
dc.subject: Humanoid robots
dc.subject: malware analysis
dc.subject: Software
dc.subject: software failure reduction
dc.subject: static analysis
dc.subject: Support vector machines
dc.title: DroidEnsemble: Detecting Android Malicious Applications with Ensemble of String and Structural Static Features
dc.type: Article
dc.contributor.department: Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division
dc.contributor.department: Computer Science Program
dc.identifier.journal: IEEE Access
dc.eprint.version: Publisher's Version/PDF
dc.contributor.institution: Science and Technology on Electronic Information Control Laboratory, Chengdu 610036, China
dc.contributor.institution: Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, 3 Shangyuancun, Beijing 100044, China
kaust.person: Zhang, Xiangliang
refterms.dateFOA: 2018-06-14T08:33:17Z
dc.date.published-online: 2018-05-11
dc.date.published-print: 2018


Files in this item

Name: 08357771.pdf
Size: 839.8Kb
Format: PDF
Description: Publisher's Version