Abstract
To solve the problem that using a single feature cannot play the role of multiple features of Android application in malicious code detection, an Android malicious code detection mechanism is proposed based on integrated learning on the basis of dynamic and static detection. Considering three types of Android behavior characteristics, a three-layer hybrid algorithm was proposed. And it combined the malicious code detection based on digital signature to improve the detection efficiency. The digital signature of the known malicious code was extracted to form a malicious sample library. The authority that can reflect Android malicious behavior, API call and the running system call features were also extracted. An expandable hybrid discriminant algorithm was designed for the above three types of features. The algorithm was tested with machine learning method by constructing the optimal classifier suitable for the above features. Finally, the Android malicious code detection system was designed and implemented based on the multi-layer hybrid algorithm. The experimental results show that the system performs Android malicious code detection based on the combination of signature and dynamic and static features. Compared with other related work, the system has better performance in execution efficiency and detection rate.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ham, H.-S., Choi, M.-J.: Analysis of android malware detection performance using machine learning classifiers. Int. Conf. ICT Convergence (ICTC) 8(3), 156–174 (2013)
Seo, S.H., Gupta, A., Mohamed, S.A.: Detecting mobile malware threats to homeland security through static analysis. J. Netw. Comput. 38(22), 43–53 (2014)
Hsu, Y., Lee, D.: Machine learning for implanted malicious code detection with incompletely specified system implementations. In: IEEE International Conference on Network Protocols. IEEE (2011)
Elovici, Y., Shabtai, A., Moskovitch, R., Tahan, G., Glezer, C.: Applying machine learning techniques for detection of malicious code in network traffic. In: Hertzberg, J., Beetz, M., Englert, R. (eds.) KI 2007. LNCS (LNAI), vol. 4667, pp. 44–50. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74565-5_5
Zhao, H.: Implementation and application of android NDK development environment. Comput. Knowl. Technol. 06(35) (2010)
Zhouxin, H., Gongjie, Z.: Selective integrated classification algorithm based on k-fold cross validation. Bull. Sci. Technol. 12, 115–117 (2013)
RodrÃguez, J.J., Kuncheva, L.I., Alonso, C.J.: Rotation forest: a new classifier ensemble method. IEEE Trans. Pattern Anal. Mach. Intell. 28(10), 1619–1630 (2006)
Yajing, X., Yuanzheng, W.: Improvement of principal component analysis applied method. Pract. Recogn. Math. 36(6), 68–75 (2006)
Larose, D.T.: K-Nearest Neighbor Algorithm. Discovering Knowledge in Data: An Introduction to Data Mining. Wiley, Hoboken (2004)
Huaping, S., Zheng, Y., Chengyu, Y.: Research on SVM algorithm and its application. J. Lanzhou Jiaotong Univ. 25(1), 104–106 (2006)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Yu, Q., Zhao, H. (2019). Integrated Multi-featured Android Malicious Code Detection. In: Cheng, X., Jing, W., Song, X., Lu, Z. (eds) Data Science. ICPCSEE 2019. Communications in Computer and Information Science, vol 1058. Springer, Singapore. https://doi.org/10.1007/978-981-15-0118-0_16
Download citation
DOI: https://doi.org/10.1007/978-981-15-0118-0_16
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0117-3
Online ISBN: 978-981-15-0118-0
eBook Packages: Computer ScienceComputer Science (R0)