Instance-based Anomaly Method for Android Malware Detection

Borja Sanz, Igor Santos, Xabier Ugarte-Pedrero, Carlos Laorden, Javier Nieves, Pablo G. Bringas


Mobile phone usage has increased because these devices offer nearly the same functionality as a personal computer. In addition, the number of applications available for Android-based mobile devices has increased. Android application distribution is based on a centralized market where developers can upload and sell their applications. However, as happens with any popular service, this market is prone to misuse; in particular, malware writers can use it to upload their malicious creations. In this paper, we propose a new method that extracts several features from the AndroidManifest file of legitimate applications and uses them to build an anomaly detection system able to detect malware.



Paper Citation

in Harvard Style

Sanz B., Santos I., Ugarte-Pedrero X., Laorden C., Nieves J. and G. Bringas P. (2013). Instance-based Anomaly Method for Android Malware Detection. In Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013) ISBN 978-989-8565-73-0, pages 387-394. DOI: 10.5220/0004529603870394
