DyBAnd: Dynamic Behavior Based Android Malware Detection | SpringerLink
Skip to main content
Springer Nature Link
Log in

DyBAnd: Dynamic Behavior Based Android Malware Detection

  • Conference paper
  • First Online:
Mobile Internet Security (MobiSec 2022)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1644))

Included in the following conference series:

Abstract

Android is the most popular widely accessible smartphone operating system, yet its permission declaration and access control systems cannot detect malicious activities. Advanced malware uses cutting-edge obfuscation techniques to mask its true intentions from scanning engines, and traditional malware detection approaches are no longer effective in such cases. In this paper we propose DyBAnd, an Android malware detection approach based on Multilayer Perceptron, a neural network-based model for recognising dynamic malware activity. DyBAnd makes use of behavioural characteristics gleaned via dynamic analysis of a program running in an emulated environment, allowing it to detect malicious code in real time environment. The proposed system is tested against 17,341 contemporary applications from various domains, including Banking, Riskware, Adware, SMS, and Benign. Experimental results show that DyBAnd detects malware with a 98.98% accuracy and a false positive rate of 1.02%, significantly higher than Linear Programming. DyBAnd also outperforms conventional machine learning techniques.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 9723
Price includes VAT (Japan)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 12154
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.statista.com/statistics/330695/number-of-smartphone-users-worldwide/ [June 12, 2022].

  2. 2.

    https://purplesec.us/resources/cyber-security-statistics/ [June 12, 2022].

  3. 3.

    https://developer.android.com/studio/test/monkey.html [June 12, 2022].

  4. 4.

    https://github.com/honeynet/droidbot [June 12, 2022].

  5. 5.

    https://www.unb.ca/cic/datasets/maldroid-2020.html [June 12, 2022].

References

  1. Sihag, V., Prakash, S., Choudhary, G., Dragoni, N., You, I.: DIMDA: deep learning and image-based malware detection for Android. In: Singh, P.K., Wierzchoń, S.T., Chhabra, J.K., Tanwar, S. (eds.) FTNCT 2021. LNEE, vol. 936, pp. 895–906. Springer, Singapore (2022). https://doi.org/10.1007/978-981-19-5037-7_64

    Chapter  Google Scholar 

  2. Bacci, A., Bartoli, A., Martinelli, F., Medvet, E., Mercaldo, F.: Detection of obfuscation techniques in Android applications. In: Proceedings of the 13th International Conference on Availability, Reliability and Security, pp. 1–9 (2018)

    Google Scholar 

  3. Sihag, V., Vardhan, M., Singh, P.: BLADE: robust malware detection against obfuscation in Android. Forensic Sci. Int. Digit. Invest. 38, 301176 (2021)

    Google Scholar 

  4. Sihag, V., Choudhary, G., Vardhan, M., Singh, P., Seo, J.T.: PICAndro: packet inspection-based Android malware detection. Secur. Commun. Netw. 2021 (2021)

    Google Scholar 

  5. Borana, P., Sihag, V., Choudhary, G., Vardhan, M., Singh, P.: An assistive tool for fileless malware detection. In: 2021 World Automation Congress (WAC), pp. 21–25. IEEE (2021)

    Google Scholar 

  6. Gyamfi, N.K., Goranin, N., Čeponis, D., Čenys, A.: Malware detection using convolutional neural network, a deep learning framework: comparative analysis. J. Internet Serv. Inf. Secur. 12(4), 102–115 (2022)

    Google Scholar 

  7. Park, J., Shim, H., Vu, L.N., Jung, S.: Android adware detection using soot and CFG. J. Wirel. Mob. Netw. Ubiquit. Comput. Dependable Appl. (JoWUA) (4), 94–104 (2022)

    Google Scholar 

  8. Yuan, Z., Lu, Y., Wang, Z., Xue, Y.: Droid-Sec: deep learning in Android malware detection. In: Proceedings of the 2014 ACM Conference on SIGCOMM, pp. 371–372 (2014)

    Google Scholar 

  9. Hou, S., Saas, A., Ye, Y., Chen, L.: DroidDelver: an Android malware detection system using deep belief network based on API call blocks. In: Song, S., Tong, Y. (eds.) WAIM 2016. LNCS, vol. 9998, pp. 54–66. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47121-1_5

    Chapter  Google Scholar 

  10. Xiao, X., Zhang, S., Mercaldo, F., Hu, G., Sangaiah, A.K.: Android malware detection based on system call sequences and LSTM. Multimed. Tools Appl. 78(4), 3979–3999 (2019). https://doi.org/10.1007/s11042-017-5104-0

    Article  Google Scholar 

  11. Alzaylaee, M.K., Yerima, S.Y., Sezer, S.: DL-Droid: deep learning based Android malware detection using real devices. Comput. Secur. 89, 101663 (2020)

    Article  Google Scholar 

  12. Mahdavifar, S., Ghorbani, A.A.: Application of deep learning to cybersecurity: a survey. Neurocomputing 347, 149–176 (2019)

    Article  Google Scholar 

  13. Sihag, V., Vardhan, M., Singh, P., Choudhary, G., Son, S.: De-LADY: deep learning based Android malware detection using dynamic features. J. Internet Serv. Inf. Secur. 11(2), 34–45 (2021)

    Google Scholar 

  14. Machiry, A., Tahiliani, R., Naik, M.: Dynodroid: an input generation system for Android apps. In: Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering, pp. 224–234 (2013)

    Google Scholar 

  15. Anand, S., Naik, M., Harrold, M.J., Yang, H.: Automated concolic testing of smartphone apps. In: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, pp. 1–11 (2012)

    Google Scholar 

  16. Hao, S., Liu, B., Nath, S., Halfond, W.G.J., Govindan, R.: PUMA: programmable UI-automation for large-scale dynamic analysis of mobile apps. In: Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services, pp. 204–217 (2014)

    Google Scholar 

  17. Cai, H., Meng, N., Ryder, B., Yao, D.: DroidCat: effective Android malware detection and categorization via app-level profiling. IEEE Trans. Inf. Forensics Secur. 14(6), 1455–1470 (2018)

    Article  Google Scholar 

  18. Sihag, V., Swami, A., Vardhan, M., Singh, P.: Signature based malicious behavior detection in Android. In: Chaubey, N., Parikh, S., Amin, K. (eds.) COMS2 2020. CCIS, vol. 1235, pp. 251–262. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-6648-6_20

    Chapter  Google Scholar 

  19. Tam, K., Fattori, A., Khan, S., Cavallaro, L.: CopperDroid: automatic reconstruction of Android malware behaviors. In: NDSS Symposium 2015, pp. 1–15 (2015)

    Google Scholar 

Download references

Acknowledgement

This work has been supported by project TRANSACT funded under H2020-EU.2.1.1. - INDUSTRIAL LEADERSHIP - Leadership in enabling and industrial technologies - Information and Communication Technologies (grant agreement ID: 101007260).

Author information

Authors and Affiliations

  1. Department of Science, Technology and Forensics, Sardar Patel University of Police, Security and Criminal Justice, Jodhpur, India

    Shashank Jaiswal & Vikas Sihag

  2. DTU Compute, Technical University of Denmark, 2800, Kongens Lyngby, Denmark

    Gaurav Choudhary & Nicola Dragoni

Authors
  1. Shashank Jaiswal
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vikas Sihag
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gaurav Choudhary
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nicola Dragoni
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Gaurav Choudhary .

Editor information

Editors and Affiliations

  1. Kookmin University, Seoul, Korea (Republic of)

    Ilsun You

  2. Sangmyung University, Cheonan-si, Korea (Republic of)

    Hwankuk Kim

  3. Middle East Technical University, Ankara, Türkiye

    Pelin Angin

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Jaiswal, S., Sihag, V., Choudhary, G., Dragoni, N. (2023). DyBAnd: Dynamic Behavior Based Android Malware Detection. In: You, I., Kim, H., Angin, P. (eds) Mobile Internet Security. MobiSec 2022. Communications in Computer and Information Science, vol 1644. Springer, Singapore. https://doi.org/10.1007/978-981-99-4430-9_15

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-4430-9_15

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-4429-3

  • Online ISBN: 978-981-99-4430-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics