Joshua Abah, Adati Elkanah Chahari, Esther Alu Samuel, Emmanuel P. Musa


We present behaviour-based detection as an approach to mitigating zero-day attacks on Android. This is as a result of the drawbacks of signature-based approach commonly in use in most antivirus engines. The Signature-based approach requires the analysis and storage of signature strings of malware with which new attacks are compared. This makes the detection of new attacks whose signatures have not been gotten impossible. For these attacks to be detected, patches must be developed for them. This unknown attack is referred to as zero-day attacks. Moreover, developing patches takes time creating a vulnerability window that could be exploited hence, there is the need to be able to detect zero-day attacks in real-time. To demonstrate the capability of detecting zero-day attacks, dynamic analysis of applications was adopted in this research. A detection system was developed for the Android system and features were extracted from the device and used to analyze the behaviour of the system. The K-Nearest Neighbour (KNN) classifier was used and results showed that this approach has 93.75% accuracy and 6.25% error rate. The Area Under Curve (AUC) of the Receiver Operating Characteristics (ROC) stands at 0.996 out of 1. This result showed that behavioural detection promises a future for malware detection with respect to zero-day detection. It is recommended that the features be extended to include features at a lower level of granularity that represents system-wide behaviour. In addition, this approach should be adopted by other mobile platforms beside Android.

Full Text:



Abhijit, B. & Shin, K.G. (2006). Proactive Security for Mobile Messaging Networks. In ACM Workshop on Wireless Security, WiSe '06, pp. 95-104.

Abhijit, B., Xin H., Kang, G.S., & Taejoon, P. (2008). Behavioral Detection of Malware on Mobile Handsets. In Proceedings of the 6th International Conference on Mobile Systems, Applications, and Services, MobiSys ’08, pp. 225–238.

Ali, F., Nor, B.A., Rosli, S., Fairuz, A., Rauf, R.M., & Shahaboddin, S. (2013). A Study of Machine Learning Classifiers for Anomaly-based Mobile Botnet Detection. Malaysian Journal of Computer Science, 26(4), pp. 251-265.

Asaf S., Uri K., Yuval E., Chanan G., & Yael W. (2011). Anomaly: A Behavioural Malware Detection Framework for Android Devices. Journal of Intelligent Information Systems, pp 1-30. DOI: 10.1007/s10844-010-0148-x.

Aswathy, D. (2013). An Analysis of Mobile Malware and Detection Techniques. pp 1- 13. Retrieved from visited 10th March 2014.

Aubery-Derrick S. (2011). “Detection of Smart Phone Malware”, Electronic and Information Technology University Berlin Unpublished Ph.D. Thesis. PP. 1- 211.

Bryan, D, Yifei, J., Abhishek, J. & Shivakant, M. (2011). Location-Based Power Analysis to Detect Malicious Code in Smartphones. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, SPSM ’11, pp. 27–32.

Burguera, I., Zurutuza, U. & Nadjm-Tehrani, S. (2011). Crowdroid: Behavior-based Malware Detection System for Android. In Proceedings of the 1st ACM workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 15-26.

Christodorescu, M. (2007). Behavior-based Malware Detection. Unpublished Ph.D. Thesis, Computer Science and Engineering, University of Wisconsin-Madison, August 2007, 1-54.

Christodorescu, M. & Jha, S. (2003). Testing Malware Detectors. In Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’04), July 11-14, 2004, Boston, Massachusetts, USA. 34-44. DOI: 10.1145/1007512.1007518.

Damopoulos, D., Menesidou, S.A., Kambourakis, G., Papadaki, M., Clarke, N. and Gritzalis, S. (2011). Evaluation of Anomaly-based IDS for Mobile Devices Using Machine Learning Classifiers. John Wiley & Sons, Ltd. Security and Communication Networks 2011; 00:1-9. DOI:10.1002/sec

Denis, M. (February 2012). Mobile Malware Evolution, Part 5. Securedlist, pp. 1. Retrieved from Part_5

Gartner, (November 2015). Worldwide Smartphone Sales to End Users by Operating System in 3Q15. Gartner Report Retrieved from markets-drove- worldwide-smartphone-sales-to-15-5-percent-growth-in-third-quarter-of- 2015/ visited 20th January, 2016.

Hahnsang, K., Joshua, S. & Kang, G.S., (2008). Detecting Energy Greedy Anomalies and Mobile Malware Variants. In Proceedings of the 6th International Conference on Mobile Systems, Applications, and Services, MobiSys ’08, pp. 239–252.

Joshua, A., Waziri, O.V., Abdullahi, M.B., Ume, U.A. & Adewale, O.S., (2015). Extracting Android Applications Data for Anomaly-based Malware Detection. Global Journal of Computer Science and Technology (E) Network, Web and Security (GJCST-E), 15(5): Version I, pp. 1-8.

Jacobym G.A., Marchany R., Davis N.J. IV (2006). How Mobile Host Batteries Can Improve Network Security. IEEE Security and Privacy Vol. 4 PP. 40-49.

Lei, L., Guanhua, Y., Xinwen, Z. & Songqing C. (2009). Virusmeter: Preventing your Cell Phone from Spies. In Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection, RAID ’09, pp. 244–264.

Liang Xie, Xinwen Zhang, Jean-Pierre Seifert, and Sencun Zhu, (2010). PBMDS: A Behavior-based Malware Detection System for Cell Phone Devices. In Proceedings of the third ACM conference on Wireless network security, WiSec ’10, pp. 37–48.

Lovi D. & Divya, B. (2014). Taxonomy: Mobile Malware Threats and Detection Techniques. Dhinaharan Nagamalai (Eds) : ACITY, WiMoN, CSIA, AIAA, DPPR, NECO, InWeS2014 pp. 213–221.

Markus, M., Perttu, H. & Kimmo, H. (2006). Host-Based Intrusion Detection for Advanced Mobile Devices, In IEEE 20th International Conference on Advanced Information Networking and Applications, 2006. AINA 2006. 2, 72-76, DOI:10.1109/AINA.2006.192

Mutz, D., Valeur, F., Vigna, G. (2006). Anomalous System Call Detection. ACM Transactions on Information and System Security 9(1), 61-93.

Nwokedi, I. & Aditya, P.M. (2007). A Survey of Malware Detection Techniques. Unpublished Predoctoral Fellowship and Purdue Doctoral Fellowship Research Report, Department of Computer Science, Purdue University, West Lafayette IN 47907. pp. 1-48.

Oberheide, J., Evan, C. & Farnam, J. (2008). cloudCloudAV: N-version Antivirus in the Network Cloud. In Proceedings of the 17th USENIX Security Symposium (Security ’08), San Jose, CA, July 2008.

Raymond, W.L, Karl, N.L. & Ronald, A.O. (1995). MCF: A Malicious Code Filter. Computers and Security, 14(6), pp. 541 – 566.

Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C. & Weiss, Y. (2010). Anomaly: A Behavioural Malware Detection Framework for Android Devices. Journal of Intelligent Information Systems, pp. 1-30, DOI: 10.1007/s10844-010-0148-x.

Spamlaws, (2017). Zero-Day Attacks and How to Prevent Them. visited 21st June 2017.

Srikanth, R. (2012). Mobile Malware Evolution, Detection, and Defense, EECE 571B Unpublished Term Survey Paper, Institute for Computing, Information and Cognitive Systems, University of British Columbia, Vancouver, Canada, April 2012, pp. 1-4. Retrieved from visited 2nd April 2014.

Statista, (2015). Global Smartphone Sales 2009-2014, by OS. Retrieved from visited 11th November 2015.

Su, S., Chuah, M. & Tan G., (2012). Smartphone Dual Defense Protection Framework: Detecting Malicious Applications in Android Markets, Proceedings of the 2012 8th International Conference on Mobile Ad hoc and Sensor Networks, Chengdu, China, pp. 153-160.

Tchakounté, F. & Dayang, P. (2013). System Calls Analysis of Malware on Android. International Journal of Science and Technology 2(9), pp. 669-674.

Xie, L., Zhang, X., Seifert, J.P. & Zhu, S. (2010). pBMDS: A Behavior-based Malware Detection System for Cell Phone Devices. In: Proceedings of the Third ACM Conference on Wireless Network Security, WISEC 2010, Hoboken, New Jersey, USA, March 22-24, 2010, pp. 37-48.

Yajin, Z., Zhi, W., Wu, Z. & Xuxian, J. (2012). Hey, you, get off of my Market: Detecting malicious Apps in Official and Alternative Android Markets. In Proceedings of the 19th Network and Distributed System Security Symposium, 2012, pp. 44.

You, J.H., Daeyeol, M., Hyung-Woo, L., Jae, D.L. & Jeong, N.K. (2014). Android Mobile Application System Call Event Pattern Analysis for Determination of Malicious Attack. International Journal of Security and Its Applications 8(1), pp. 231-246. Visited 9th February 2015.


  • There are currently no refbacks.