DATDroid: Dynamic Analysis Technique in Android Malware Detection

Rajan Thangaveloo, Wong Wang Jing, Chiew Kang Leng, Johari Abdullah


Android system has become a target for malware developers due to its huge market globally in recent years. The emergence of 5G in the market and limited protocols post a great challenge to the security in Android. Hence, various techniques have been taken by researchers to ensure high security in Android devices. There are three types of analysis namely static, dynamic and hybrid analysis used to detect and analyze the malicious application in Android. Due to evolving nature of the malware, it is very challenging for the existing techniques to detect and analyze it efficiently and accurately. This paper proposed a Dynamic Analysis Technique in Android Malware detection called DATDroid. The proposed technique consists of three phases, which includes feature extraction, feature selection and classification phases. A total of five features namely system call, errors and time of system call process, CPU usage, memory and network packets are extracted. During the classification 70% of the dataset was allocated for training phase and 30% for testing phase using machine learning algorithm. Our experimental results achieved an overall accuracy of 91.7% with lower false positive rates as compared to benchmarked method. DATDroid also achieved higher precision and recall rate of 93.1% and 90.0%, respectively. Hence our proposed technique has proven to be able to classify malware more accurately and reduce misclassification of malware application as benign significantly.


android malware; dynamic analysis; static analysis; hybrid analysis; malware detection.

Full Text:



Smartphone Market Data (2019) on IDC website. [Online]. Available: https://www.idc.com/promo/smartphone-market-share/

M. Novinson. (2019) The 10 Biggest Android Security Threats in 2018 on The Channel Company website. [Online]. Available: https://www.crn.com/slide-shows/security/the-10-biggest-android-security-threats-in-2018/

D. Goodin. (2019) One of 1st-known Android DDos malware infects phones in 100 countries on ARC Technica website. [Online]. Available: https://arstechnica.com/information-technology/2017/08/first-knownandroid-ddos-malware-infects-phones-in-100-countries/

A. Skovoroda and D. Gamayunov, “Securing mobile devices: Malware mitigation methods,” Journal of Wireless Mobile Networks, Ubiquitious Computing, and Dependable Applications., vol. 6, no. 2, pp. 78-97, 2015.

A. Anshul and K.P. Sateesh, “NTPDroid: A Hybrid Android Malware Detector using Network Traffic and System Permissions,” In IEEE BigDataSE-18, pp. 808-2813, 2018.

A. Saba, A.S. Munam, W. Abdul, M. Amjad and S. Houbing, “SAMADroid: A Novel 3-Level Hybrid Malware Detection Model for Android Operating System,” IEEE Access, vol. 6, pp. 4321-4337, 2018.

C. Mahima and K. Brij, “HAAMD: Hybrid Analysis for Android Malware Detection,” In International Conference on Computer Communication and Informatics (ICCCI-2018) Coimbatore, India. Jan 04-06, 2018.

N. Milosevic, A. Dehghantanha, and K. K. R. Choo, “Machine learning aided Android malware classification,” Computers & Electrical Engineering, 2017.

S. Y. Yerima, S. Sezer, and I. Muttik, “High accuracy android malware detection using ensemble learning,” IET Information Security, 9(6), pp.313-320, 2015.

S. Zhang, and X. Xiao, “CSCdroid: Accurately Detect Android Malware via Contribution-Level-Based System Call Categorization,” In Trustcom/BigDataSE/ICESS, 2017 IEEE, pp. 193-200, August 2017.

V. G. Shankar, G. Somani, M. S. Gaur, V. Laxmi and M Conti, “AndroTaint: An Efficient Android Malware Detection Framework using Dynamic Taint Analysis,” in ISEA Asia Security and Privacy (ISEASP), Jan. 2017.

F. Martinelli, F. Mercaldo, A. Saracino, and C. A. Visaggio, “I find your behavior disturbing: Static and dynamic app behavioral analysis for detection of android malware,” In Privacy, Security and Trust (PST), 14th Annual Conference IEEE, pp. 129-136, Dec. 2016.

T. Bhatia, and R. Kaushal, “Malware detection in android based on dynamic analysis,” In International Conference on Cyber Security and Protection of Digital Services, IEEE pp. 1-6. June 2017.

L. Liu, Y. Gu, Q. Li and P. Su, “RealDroid: Large-Scale Evasive Malware Detection on “Real Devices,” In 26th International Conference on Computer Communication and Networks (ICCCN), IEEE, 2017.

G. S. Tangil, J. E. Tapiador, F. Lombardi and R. D. Pietro, “ALTERDROID: Differentisl Fault Analysis of Obfuccated Smartphone Malware,” In IEEE Transaction on Mobile Computing, vol. 15, no. 4, pp. 789-802, April 2016.

M. Y. Su, K. T. Fung, Y. H. Huang, M. Z. Kang, and Y. H. Chung, “Detection of Android malware: Combined with static analysis and dynamic analysis,” In International Conference on High Performance Computing & Simulation (HPCS), IEEE, pp.1013-1018, July 2016.

Monkey tool (2019) on Developer Android homepage. [Online]. Available: https://developer.android.com/studio/test /monkey.html/

Alzaylaee, M. K., Yerima, S. Y., & Sezer, S., “Improving Dynamic Analysis of Android Apps Using Hybrid Test Input Generation,” In International Conference on Cyber Security and Protection of Digital Services, pp. 1-8, 2017

L. Singh and M. Hofmann, “Dynamic Behavior Analysis of Android Application of Malware Detection,” In International Conference on Intelligent Communication and Computational Techniques (ICCT). IEEE, 2017.

S. Wang, Z. Chen, L. Zhang, Q. Yan, B. Yang, L. Peng, and Z. Jia, “TrafficAV: An effective and explainable detection of mobile malware behavior using network traffic,” In IEEE/ACM 24th International Symposium on Quality of Service (IWQoS), 2016.

(2019) Strace Utility website. [Online]. Available: https://strace.io/

ADB shell (2019) on Developer Android homepage. [Online]. Available: https://developer.android.com/studio/command-line/adb/

(2019) Tcpdump website. [Online] Available: https://www.tcpdump.org/

(2019) Wireshark website. [Online]. Available: https://www. wireshark.org/

LCoronado-De-Alba, L. D., Mota, R. A., & Ambrosio, P. J., “Feature Selection and Ensemble of Classifiers for android malware detection,” In 8th IEEE Latin-American Conference on Communications (LATINCOM). IEEE, 2016.

WEKA Tools (2019) on The University of Waikato homepage. [Online]. Available: https://www.cs.waikato.ac.nz/ml/weka/

S.S. Hansen, T.M. Larsen, M. Stevanovic, and J.M. Pedersen, “An approach for detection and family classification of malware based on behavioral analysis,” In International Conference on Computing, Networking and Communications (ICNC). IEEE. 2016.

(2019) APKPure website. [Online] Available: https://apkpure.com/

Y. Zhou and X. Jiang, “Dissecting Android Malware: Characterization and Evolution,” IEEE Symposium on Security and Privacy, 2012.

(2019) VirusTotal website. [Online] Available: https://www.virustotal.com/

A. R. Onik, N. F. Haq and L. Alam, “An Analytical Comparison on Filter Feature Extraction method in Data Mining using J48 Classifier” In International Journal of Information and Education Technology, vol. 124, no. 13, 2017.

DOI: http://dx.doi.org/10.18517/ijaseit.10.2.10238


  • There are currently no refbacks.

Published by INSIGHT - Indonesian Society for Knowledge and Human Development