Mining API Calls and Permissions for Android Malware Detection

Sharma, Akanksha; Dash, Subrat Kumar

doi:10.1007/978-3-319-12280-9_13

Cited by 44 publications

(30 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Sharma and Dash [16] utilized API calls and permissions to build Naive Bayes and k-NN based detection systems. In [17], API classes were used with Random Forest, J48 and SVM classifiers.…”

Section: A Static Analysis With Traditional Classifiersmentioning

confidence: 99%

DroidFusion: A Novel Multilevel Classifier Fusion Approach for Android Malware Detection

Yerima

Sezer

2019

IEEE Trans. Cybern.

151

View full text Add to dashboard Cite

Abstract-Android malware has continued to grow in volume and complexity posing significant threats to the security of mobile devices and the services they enable. This has prompted increasing interest in employing machine learning to improve Android malware detection. In this paper we present a novel classifier fusion approach based on a multilevel architecture that enables effective combination of machine learning algorithms for improved accuracy. The framework (called DroidFusion), generates a model by training base classifiers at a lower level and then applies a set of ranking-based algorithms on their predictive accuracies at the higher level in order to derive a final classifier. The induced multilevel DroidFusion model can then be utilized as an improved accuracy predictor for Android malware detection. We present experimental results on four separate datasets to demonstrate the effectiveness of our proposed approach. Furthermore, we demonstrate that the DroidFusion method can also effectively enable the fusion of ensemble learning algorithms for improved accuracy. Finally, we show that the prediction accuracy of DroidFusion, despite only utilizing a computational approach in the higher level, can outperform Stacked Generalization, a well-known classifier fusion method that employs a meta-classifier approach in its higher level.

show abstract

“…Sharma and Dash [16] utilized API calls and permissions to build Naive Bayes and k-NN based detection systems. In [17], API classes were used with Random Forest, J48 and SVM classifiers.…”

Section: A Static Analysis With Traditional Classifiersmentioning

confidence: 99%

DroidFusion: A Novel Multilevel Classifier Fusion Approach for Android Malware Detection

Yerima

Sezer

2019

IEEE Trans. Cybern.

151

View full text Add to dashboard Cite

show abstract

“…Learning based approaches using hand-designed features have been applied extensively to both dynamic [1][2][3], [18][19][20] 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security), 13-14 June, 2016 London, United Kingdom and static [6,7,8,22] malware detection. For example, the authors of [7] studied a static analysis approach to Android malware detection based on 179 features manually derived from API calls, intents, permissions and commands that were combined with ensemble learning.…”

Section: Related Workmentioning

confidence: 99%

“…Their approach was evaluated on a dataset of 2925 malware apps and 3938 benign apps. A variety of similar approaches to static malware detection have used similarly derived features, but with different classifiers such as support vector machine (SVM) [12], Naïve Bayes [17], and k-nearest neighbor [6]. Malware detection approaches have also been proposed that use static features derived exclusively from the permissions requested by the application [4,5].…”

Section: Related Workmentioning

confidence: 99%

N-opcode analysis for android malware classification and categorization

Kang

Yerima

McLaughlin

et al. 2016

2016 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)

View full text Add to dashboard Cite

Malware detection is a growing problem particularly on the Android mobile platform due to its increasing popularity and accessibility to numerous third party app markets. This has also been made worse by the increasingly sophisticated detection avoidance techniques employed by emerging malware families. This calls for more effective techniques for detection and classification of Android malware. Hence, in this paper we present an n-opcode analysis based approach that utilizes machine learning to classify and categorize Android malware. This approach enables automated feature discovery that eliminates the need for applying expert or domain knowledge to define the needed features. Our experiments on 2520 samples that were performed using up to 10-gram opcode features showed that an f-measure of 98% is achievable using this approach.

show abstract

“…However, the existence of some permission is not sufficient evidence to classify the App as malware, as most of the permissions requested by goodware apps are also requested by malware apps. Moreover, the permissions stated in the Android-Manifest.xml are not necessarily employed by the App [8,9]. Several researches considered the API call used in the apps' code to differentiate between malware and goodware apps [10,11,12,13,14].…”

Section: Introductionmentioning

confidence: 99%

Using Weighted Bipartite Graph for Android Malware Classification

Altaher¹

2017

ijacsa

View full text Add to dashboard Cite

Abstract-The complexity and the number of mobile malware are increasing continually as the usage of smartphones continue to rise. The popularity of Android has increased the number of malware that target Android-based smartphones. Developing efficient and effective approaches for Android malware classification is emerging as a new challenge. This paper introduces an effective Android malware classifier based on the weighted bipartite graph. This classifier includes two phases: in the first phase, the permissions and API Calls used in the Android app are utilized to construct the weighted bipartite graph; the feature importance scores are integrated as weights in the bipartite graph to improve the discrimination between malware and goodware apps, by incorporating extra meaningful information into the graph structure. The second phase applied multiple classifiers to categorise the Android application as a malware or goodware. The results using an Android malware dataset consists of different malware families, showing the effectiveness of our approach toward Android malware classification.

show abstract

Mining API Calls and Permissions for Android Malware Detection

Cited by 44 publications

References 7 publications

DroidFusion: A Novel Multilevel Classifier Fusion Approach for Android Malware Detection

DroidFusion: A Novel Multilevel Classifier Fusion Approach for Android Malware Detection

N-opcode analysis for android malware classification and categorization

Using Weighted Bipartite Graph for Android Malware Classification

Contact Info

Product

Resources

About