Abstract
Nowadays, analysis methods based on big data have been widely used in malicious software detection. Since Android has become the dominator of smartphone operating system market, the number of Android malicious applications are increasing rapidly as well, which attracts attention of malware attackers and researchers alike. Due to the endless evolution of the malware, it is critical to apply the analysis methods based on machine learning to detect malwares and stop them from leakaging our privacy information. In this paper, we propose a novel Android malware detection method based on binary texture feature recognition by Local Binary Pattern and Principal Component Analysis, which can visualize malware and detect malware accurately. Also, our method analyzes malware binary directly without any decompiler, sandbox or virtual machines, which avoid time and resource consumption caused by decompiler or monitor in this process. Experimentation on 5127 benigns and 5560 malwares shows that we obtain a detection accuracy of 90%.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
IDC: Smartphone OS Market Share (2016) Q3. http://www.idc.com/promo/smartphone-market-share/os
Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 3–14 (2011)
Grace, M., Zhou, Y., Wang, Z., Jiang, X.: Systematic detection of capability leaks in stock android smartphones. In: Nineteenth Annual Network & Distributed System Security Symposium Ndss12 Isoc (2012)
Wang, R., Xing, L., Wang, X., Chen, S.: Unauthorized origin crossing on mobile platforms: threats and mitigation. In: 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 635–646 (2013)
Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: 2012 IEEE Symposium on Security and Privacy, pp. 95–109 (2012)
Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, you, get off my market: detecting malicious apps in official and alternative android markets. In: Nineteenth Annual Network & Distributed System Security Symposium Ndss12 Isoc (2012)
Wei, F., Roy, S., Ou, X., Robby: Amandroid: a precise and general inter-component data flow analysis framework for security vetting of android apps. In: 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 1329–1341 (2014)
Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), pp. 421–430 (2007)
Nataraj, L., Manjunath, B.S.: SPAM: signal processing to analyze malware. J. IEEE Sig. Process. Mag. 33(2), 105–117 (2016)
Nataraj, L., Yegneswaran, V., Porras, P., Zhang, J.: A comparative assessment of malware classification using binary texture analysis and dynamic analysis. In: 4th ACM Workshop on Security and Artificial Intelligence, pp. 21–30 (2011)
Olivia, A., Torralba, A.: Modeling the shape of a scene: a holistic representation of the spatial envelope. J. Comput. Vis. 42(3), 145–175 (2001)
Rashidi, B., Fung, C., Vu, T.: RecDroid: a resource access permission control portal and recommendation service for smartphone users. In: ACM MobiCom Workshop on Security and Privacy in Mobile Environments, pp. 13–18 (2014)
Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: 18th ACM Conference on Computer and Communications Security, pp. 627–638 (2011)
Anderson, B., et al.: Improving malware classification: bridging the static/dynamic gap. In: 5th ACM Workshop on Security and Artificial Intelligence, pp. 3–14 (2012)
Raman, K., et al.: Selecting features to classify malware. In: InfoSec Southwest, pp. 1–5 (2012)
Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: 16th ACM Conference on Computer and Communications Security (CCS), pp. 235–245 (2009)
Zhang, J., et al.: Malware variant detection using opcode image recognition with small training sets. In: 2016 25th International Conference on Computer Communication and Networks (ICCCN), pp. 1–9 (2016)
Grace, M., et al.: Riskranker: scalable and accurate zero-day android malware detection. In: 10th International Conference on Mobile Systems, Applications, and Services (MOBISYS), pp. 281–294 (2012)
Aafer, Y., Du, W., Yin, H.: DroidAPIMiner: mining API-level features for robust malware detection in android. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds.) SecureComm 2013. LNICSSITE, vol. 127, pp. 86–103. Springer, Cham (2013). doi:10.1007/978-3-319-04283-1_6
Kong, D., et al.: Discriminant malware distance learning on structural information for automated malware classification. In: 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1357–1365 (2013)
Enck, W., et al.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI), pp. 393–407 (2010)
Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for android. In: 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 15–26 (2011)
Kwong, L., Yin, Y.H.: Droidscope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic android malware analysis. In: 21st USENIX Conference on Security Symposium USENIX Association, pp. 1–16 (2012)
Sophos mobile security threat report, mobile world congress. https://www.sophos.com/en-us/press-office/press-releases/2014/02/mobileworldcongress2014.aspx
Nataraj, L., Karthikeyan, S., Jacob, G., Manjunath, B.: Malware images: visualization and autmatic classification. In: International Symposium on Visualization for Cyber Security, pp. 1–7 (2011)
Arp, D., Spreitzenbarth, M., Huebner, M., Gascon, H., Rieck, K.: Drebin: efficient and explainable detection of android malware in your pocket. In: 21th Annual Network and Distributed System Security Symposium (NDSS) (2014)
Spreitzenbarth, M., Echtler, F., Schreck, T., Freling, F., Hoffmann, J.: MobileSandbox: looking deeper into android applications. In: 28th International ACM Symposium on Applied Computing (SAC) (2013)
Ojala, T., Pietikäinen, M., Mäenpää, T.: Gray scale and rotation invariant texture classification with local binary patterns. In: Vernon, D. (ed.) ECCV 2000. LNCS, vol. 1842, pp. 404–420. Springer, Heidelberg (2000). doi:10.1007/3-540-45054-8_27
Zhang, J., et al.: Malware variant detection using opcode image recognition. In: 2016 IEEE 22nd International Conference on Parallel and Distributed Systems (ICPADS), pp. 1175–1180 (2016)
Acknowledgement
This work is partially supported by the National Science foundation of China under Grant No. 61472131, No. 61300218 and No. 61472132. The Natural Science Foundation of Hunan Province under Grant No. 2017JJ2292 and Outstanding Youth Research Project of Provincial Education Department of Hunan under Grant No. 17B030. Science and Technology Key Projects of Hunan Province (2015TP1004, 2015SK2087, 2015JC1001, 2016JC2012).
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Wu, Q., Qin, Z., Zhang, J., Yin, H., Yang, G., Hu, K. (2017). Android Malware Detection Using Local Binary Pattern and Principal Component Analysis. In: Zou, B., Li, M., Wang, H., Song, X., Xie, W., Lu, Z. (eds) Data Science. ICPCSEE 2017. Communications in Computer and Information Science, vol 727. Springer, Singapore. https://doi.org/10.1007/978-981-10-6385-5_23
Download citation
DOI: https://doi.org/10.1007/978-981-10-6385-5_23
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-6384-8
Online ISBN: 978-981-10-6385-5
eBook Packages: Computer ScienceComputer Science (R0)