Framework for malware analysis in Android

  • Christian Urcuqui-López Grupo de Investigación i2t, Universidad Icesi Cali,
  • Andrés Navarro Cadavid Grupo de Investigación i2t, Universidad Icesi Cali,
Keywords: Framework, machine learning, security, Google, malware.


Android is a open source operating system with more than a billion of users, including all kind of devices (cell phones, TV, smart watch, etc). The amount of sensitive data “using” this technologies has increased the cyber criminals interest to develop tools and techniques to acquire that information or to disrupt the device's smooth operation. Despite several solutions are able to guarantee an adequate level of security, day by day the hackers skills grows up (because of their growing experience), what means a permanent challenge for security tools developers. As a response, several members of the research community are using artificial intelligence tools for Android security, particularly machine learning techniques to classify between healthy and malicious apps; from an analytic review of those works, this paper propose a static analysis framework and machine learning to do that classification.


Download data is not yet available.

Author Biographies

Christian Urcuqui-López, Grupo de Investigación i2t, Universidad Icesi Cali,

Systems Engineer (emphasis in Management and Computing) and Master in Computing Management and Telecommunications from Universidad Icesi (Cali-Colombia). Member of Informatics and Telecommunications research group [i2t]. His areas of interest include: artificial intelligence, machine learning and security applied to informatics. 



Andrés Navarro Cadavid, Grupo de Investigación i2t, Universidad Icesi Cali,
Electronic Engineer and Magister in Technology Management of the Universidad Pontificia Bolivariana (Medellín, Colombia) and Doctor of Engineering in Telecommunications of the Universidad Politécnica de Valencia (Spain). Full time professor and leader of the Informatics and Telecommunications research group (i2T) attached to the Information and Communications Department at the Universidad Icesi (Cali-Colombia). Counselor at the National Program of Electronics, Telecommunications and Informatics [ETI]. His areas of interest include Spectrum Management, Cognitive Radio, and Telematics solutions for health


Batyuk, L., Herpich, M., Camtepe, S. A., Raddatz, K., Schmidt, A., & Albayrak, S. (2011). Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications. Malicious and Unwanted Software (MALWARE), 2011 6th International Conference on. Piscataway, NJ: IEEE.

Chan, P. K. & Lippmann, R. P. (2006). Machine learning for computer security. The Journal of Machine Learning Research, 7, 2669-2672.

Chang, C. C. & Lin, C. J. (2011). LIBSVM: A library for support vector machines. ACM Transactions on Intelligent Systems and Technology (TIST), 2(3), 27.

Documentation of scikit-learn 0.16.1. (2014). [blog: Scikit-learn]. Retrieved from:

Drake, J. J., Lanier, Z., Mulliner, C., Fora, P. O., Ridley, S. A., & Wicherski, G. (2014, March 26). Android Hacker's Handbook. John Wiley & Sons.

Elenkov, N. (2014). Android security internals: An in-depth guide to Android's security architecture. San Francisco, CA: No Starch Press.

Feizollah, A., Anuar, N. B., Salleh, R., Amalina, F., Ma’arof, R. U. R., & Shamshirband, S. (2014). A study of machine learning classifiers for anomaly-based mobile botnet detection. Malaysian Journal of Computer Science, 26(4), 251-265.

Fuentes, M. & Gómez, J. (2014). Valoración de la plataforma ASEF como base para detección de malware en aplicaciones Android. Ingenium, 8(21), 11-23.

Ghorbanzadeh, M., Chen, Y., Ma, Z., Clancy, T. C., & McGwier, R. (2013, January). A neural network approach to category validation of android applications. In Computing, Networking and Communications (ICNC), 2013 International Conference on (pp. 740-744). Piscataway, NJ: IEEE.

Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P., & Witten, I. H. (2009). The WEKA data mining software: an update. ACM SIGKDD explorations newsletter, 11(1), 10-18.

Krutz, D. E., Mirakhorli, M., Malachowsky, S. A., Ruiz, A., Peterson, J., Filipski, A., & Smith, J. (2015, May). A dataset of open-source Android applications. In Mining Software Repositories (MSR), 2015 IEEE/ACM 12th Working Conference on (pp. 522-525). Los Alamitos, CA: IEEE Computer Society.

Londoño, S., Urcuqui, C., Amaya, M., Gómez, J., & Cadavid, A. (2015). SafeCandy: System for security, analysis and validation in Android. Sistemas & Telemática, 13(35), 89-102.

Metz, C. (2016, junio 2). Google’s training its ai to be Android’s security guard. Wired. Retrieved from:

Narudin, F. A., Feizollah, A., Anuar, N. B., & Gani, A. (2014). Evaluation of machine learning classifiers for mobile malware detection. Soft Computing, 20(1), 343-357. 2014.

Peiravian, N., & Zhu, X. Machine learning for android malware detection using permission and api calls. In Tools with Artificial Intelligence (ICTAI), 2013 IEEE 25th International Conference on (pp. 300-305). Los Alamitos, CA: IEEE Computer Society.

Petsas, T., Voyatzis, G., Athanasopoulos, E., Polychronakis, M., & Ioannidis, S. (2014, April). Rage against the virtual machine: hindering dynamic analysis of android malware. In Proceedings of the Seventh European Workshop on System Security (p. 5). New York, NY: ACM.

Pichai, S. (2014). Google I/O 2014 - Keynote [video. 6:43m]. Retrieved from

Sahs, J., & Khan, L. (2012). A machine learning approach to android malware detection. In Intelligence and Security Informatics Conference (EISIC), 2012 European (pp. 141-147). Los Alamitos, CA: IEEE Computer Society.

Sharif, M. I., Lanzi, A., Giffin, J. T., & Lee, W. (2008). Impeding malware analysis using conditional code obfuscation. In NDSS Symposium 2008 (paper 19). Reston, VA: Internet Society. Retrieved from:

Urcuqui, C. & Cadavid, A. Machine learning classifiers for Android malware analysis. Proceedings of the IEEE Colombian Conference on Communications and Computing 2016 [in press].

Wu, W. C. & Hung, S. H. (2014). DroidDolphin: a dynamic Android malware detection framework using big data and machine learning. In: Proceedings of the 2014 Conference on Research in Adaptive and Convergent Systems (pp. 247-252). New York, NY: ACM. October 2014.

Yerima, S. Y., Sezer, S., McWilliams, G., & Muttik, I. (2013). A new android malware detection approach using bayesian classification. In Advanced Information Networking and Applications (AINA), 2013 IEEE 27th International Conference on (pp. 121-128). Los Alamitos, CA: IEEE Computer Society.

Zhou, Y., & Jiang, X. (2012, May). Dissecting android malware: Characterization and evolution. In Proceedings 2012 IEEE Symposium on Security and Privacy: S&P 2012 (pp. 95-109). Los Alamitos, CA: IEEE Computer Society.
Discussion papers