
Bio-inspired for Features Optimization and Malware Detection

  • Research Article - Computer Engineering and Computer Science
  • Arabian Journal for Science and Engineering

Abstract

The leakage of sensitive data on Android mobile devices poses a serious threat to users, and such unscrupulous attacks violate users' privacy. An effective Android malware detection system is therefore necessary. However, detection is challenging because the permissions requested by malware are similar to those seen in benign applications. This paper evaluates the effectiveness of the machine learning approach for detecting Android malware. We apply a bio-inspired algorithm as a feature optimization approach for selecting reliable permission features that are able to identify malware attacks. A static analysis technique with a machine learning classifier is developed from the permission features noted in the Android mobile device for detecting malware applications. This technique shows that Android permissions are a potential feature for malware detection. The study compares the bio-inspired algorithm [particle swarm optimization (PSO)] and evolutionary computation with information gain to find the best feature optimization approach for selecting features. The features were optimized from 378 to 11 using the bio-inspired algorithm, particle swarm optimization (PSO). The evaluation uses 5000 Drebin malware samples and 3500 benign samples. In recognizing Android malware, AdaBoost achieves good detection accuracy, with a true positive rate of 95.6%, using Android permissions. The results show that PSO is the best feature optimization approach for selecting features.
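The abstract's core step, PSO used as a wrapper to pick a small permission subset, can be sketched as follows; this is an added example, not the authors' code or data. It assumes standard binary PSO (sigmoid of velocity as bit probability), swaps in a Bernoulli naive Bayes scorer for brevity in place of the paper's AdaBoost, and runs on a constructed 12-permission dataset whose names, probabilities and size penalty are illustrative only.

```python
import math, random

rng = random.Random(7)
# Constructed data: 3 informative permissions followed by 9 noise permissions.
PERMS = ["SEND_SMS", "READ_SMS", "RECEIVE_BOOT_COMPLETED"] + [f"NOISE_{i}" for i in range(9)]

def make_apps(n, malicious):
    p_signal = 0.9 if malicious else 0.05   # signal permissions track the label
    return [([int(rng.random() < (p_signal if j < 3 else 0.3)) for j in range(len(PERMS))],
             int(malicious)) for _ in range(n)]

TRAIN = make_apps(200, True) + make_apps(200, False)
VALID = make_apps(100, True) + make_apps(100, False)

def fitness(mask, penalty=0.01):
    """Validation accuracy of naive Bayes on the masked features, minus a size penalty."""
    cols = [j for j, bit in enumerate(mask) if bit]
    if not cols:
        return 0.0
    prob = {}
    for label in (0, 1):                     # classes are balanced, so priors cancel
        rows = [x for x, y in TRAIN if y == label]
        prob[label] = [(sum(r[j] for r in rows) + 1) / (len(rows) + 2) for j in cols]
    def loglik(x, label):
        return sum(math.log(p if x[j] else 1 - p) for j, p in zip(cols, prob[label]))
    hits = sum((loglik(x, 1) > loglik(x, 0)) == bool(y) for x, y in VALID)
    return hits / len(VALID) - penalty * len(cols)

def binary_pso(dim, particles=20, iters=40, w=0.7, c1=1.5, c2=1.5):
    # Particle 0 starts with every feature on, so the result is never worse than no selection.
    pos = [[1] * dim] + [[rng.randint(0, 1) for _ in range(dim)] for _ in range(particles - 1)]
    vel = [[0.0] * dim for _ in range(particles)]
    pbest = [(fitness(p), p[:]) for p in pos]
    gbest = max(pbest)
    for _ in range(iters):
        for i in range(particles):
            for j in range(dim):
                v = (w * vel[i][j] + c1 * rng.random() * (pbest[i][1][j] - pos[i][j])
                     + c2 * rng.random() * (gbest[1][j] - pos[i][j]))
                vel[i][j] = max(-4.0, min(4.0, v))   # clamp so the sigmoid does not saturate
                pos[i][j] = int(rng.random() < 1 / (1 + math.exp(-vel[i][j])))
            score = fitness(pos[i])
            if score > pbest[i][0]:
                pbest[i] = (score, pos[i][:])
        gbest = max(pbest)
    return gbest

def select_permissions():
    score, mask = binary_pso(len(PERMS))
    return score, [name for name, bit in zip(PERMS, mask) if bit]
```

The size penalty is what drives the swarm toward a compact subset; with a penalty of zero the wrapper has no reason to drop permissions that neither help nor hurt accuracy.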




Correspondence to Mohd Faizal Ab Razak or Nor Badrul Anuar.


Cite this article

Razak, M.F.A., Anuar, N.B., Othman, F. et al. Bio-inspired for Features Optimization and Malware Detection. Arab J Sci Eng 43, 6963–6979 (2018). https://doi.org/10.1007/s13369-017-2951-y


  • DOI: https://doi.org/10.1007/s13369-017-2951-y
