Malware detection is an important task for the ecosystem of mobile applications (APPs), especially for the Android ecosystem, and is vital to guarantee the user experience of Android APPs. Some existing methods try to solve the problem of malware detection, but they suffer from several defects, such as high time complexity and mediocre accuracy, which seriously decrease their practicability. To solve these problems, in this study, we propose a novel Android malware detection framework, where we contribute an efficient Application Programming Interface (API) call sequence extraction algorithm and an investigation of different types of classifiers. In API call sequence extraction, we propose an algorithm for transforming the function call graph from a multigraph into a directed simple graph, which avoids unnecessary repetitive path searching. We also propose a pruning search, which further reduces the number of paths to be searched. Our algorithm greatly reduces the time complexity. We generate the transition matrix as classification features and investigate three types of machine learning classifiers to complete the malware detection task. The experiments are performed on real-world Android Packages (APKs), and the results demonstrate that our method significantly reduces the running time and produces high detection accuracy.
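The following is an added illustration, not code from the paper: it shows why collapsing parallel call edges into a directed simple graph cuts the number of call paths a search must visit, and how a transition matrix can be derived from the remaining paths. The call sites, the function names and the choice of top-level package labels with row-normalised first-order transitions are all assumptions; the paper's pruning search is not modelled.

```python
from collections import defaultdict

# Constructed call sites (caller, callee); repeated pairs are parallel edges.
CALL_SITES = [
    ("app.Main.onCreate", "app.Net.send"),
    ("app.Main.onCreate", "app.Net.send"),
    ("app.Main.onCreate", "android.telephony.getDeviceId"),
    ("app.Net.send", "java.net.openConnection"),
    ("app.Net.send", "java.net.openConnection"),
    ("app.Net.send", "java.net.openConnection"),
]

def build_graph(call_sites, simple=True):
    """Adjacency lists; simple=True keeps one edge per (caller, callee) pair."""
    graph = defaultdict(list)
    for caller, callee in call_sites:
        if not simple or callee not in graph[caller]:
            graph[caller].append(callee)
    return dict(graph)

def call_paths(graph, node, prefix=()):
    """Root-to-leaf call paths by DFS; a node already on the path is not revisited."""
    prefix = prefix + (node,)
    successors = [s for s in graph.get(node, []) if s not in prefix]
    if not successors:
        return [prefix]
    return [p for s in successors for p in call_paths(graph, s, prefix)]

def transition_matrix(paths):
    """Row-normalised transition frequencies between top-level package labels (assumed abstraction)."""
    counts = defaultdict(lambda: defaultdict(int))
    for path in paths:
        for src, dst in zip(path, path[1:]):
            counts[src.split(".")[0]][dst.split(".")[0]] += 1
    return {a: {b: n / sum(row.values()) for b, n in row.items()}
            for a, row in counts.items()}

if __name__ == "__main__":
    root = "app.Main.onCreate"
    multi = call_paths(build_graph(CALL_SITES, simple=False), root)
    simple = call_paths(build_graph(CALL_SITES), root)
    print(len(multi), "paths in the multigraph,", len(simple), "in the simple graph")
    print(transition_matrix(simple))
```

Parallel edges multiply along a path (2 x 3 duplicates plus one single edge here), so the saving grows with call depth.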
KEYWORDS
Android (operating system), computational complexity, pattern classification, software quality, software reliability
INTRODUCTION
Mobile applications (APPs) have become indispensable to daily life, and Android and iOS are the two most widely used mobile platforms [1]. There are many mobile APP markets, and people expect to download high-quality APPs from those markets. But the mobile markets probably contain malicious APPs (i.e. malware), especially the Android APP markets [2]. Malware contains malicious code that is likely to affect the integrity, confidentiality or functionality of APPs [3]. Malware usually has seven characteristics, which are forced installation, difficult uninstallation, browser hijacking, advertisement pop-up, malicious user information collection, malicious uninstallation and malicious bundling [4]. Cyber-criminals may use malware to attack individuals and organisations, which can disrupt operating systems, invade computer networks, steal confidential data, collect personal information, hijack data, or encrypt sensitive data [5]. Such malicious behaviours seriously compromise user information and system security. Therefore, malware detection is an inevitable task.

Researchers have developed several solutions to detect malware for Android and there are three mainstream methodologies, that is, dynamic analysis, network traffic analysis and

This is an open access article under the terms of the Creative Commons Attribution-NonCommercial-NoDerivs License, which permits use and distribution in any medium, provided the original work is properly cited, the use is non-commercial...