Extensible Android Malware Detection and Family Classification Using Network-Flows and API-Calls

Android OS-based mobile devices have attracted numerous end-users because they are convenient to work with and offer a variety of features. As a result, Android has become one of the most important targets for attackers. Every year, researchers propose novel Android malware analyzer frameworks to defend against real-world Android malware apps. To assess these analyzers, researchers require an inclusive Android dataset. However, generating a comprehensive Android malware dataset is a challenging task in the malware analysis field. In 2018, we made the first part of our Android malware dataset, CICAndMal2017 [16], publicly available, performing dynamic analyses on real smartphones. In this paper, we make the second part of the CICAndMal2017 dataset [16] publicly available; it includes permissions and intents as static features, and API calls as dynamic features. In addition, we examine these features with our two-layer Android malware analyzer. According to our analyses, we achieved 95.3% precision in Static-Based Malware Binary Classification at the first layer, and 83.3% precision in Dynamic-Based Malware Category Classification and 59.7% precision in Dynamic-Based Malware Family Classification at the second layer.

[1] Aziz Mohaisen, et al. Detecting and Classifying Android Malware Using Static Analysis along with Creator Information, 2015, Int. J. Distributed Sens. Networks.

[2] Yajin Zhou, et al. Dissecting Android Malware: Characterization and Evolution, 2012, 2012 IEEE Symposium on Security and Privacy.

[3] Win Zaw, et al. Permission-Based Android Malware Detection, 2013.

[4] Sakir Sezer, et al. EMULATOR vs REAL PHONE: Android Malware Detection Using Machine Learning, 2017, IWSPA@CODASPY.

[5] Mu Zhang, et al. Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs, 2014, CCS.

[6] Fabio Martinelli, et al. R-PackDroid: API package-based characterization and detection of mobile ransomware, 2017, SAC.

[7] Konrad Rieck, et al. DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket, 2014, NDSS.

[8] Patrick P. K. Chan, et al. Static detection of Android malware by using permissions and API calls, 2014, 2014 International Conference on Machine Learning and Cybernetics.

[9] Yu Liu, et al. Detecting Android Malwares with High-Efficient Hybrid Analyzing Methods, 2018, Mob. Inf. Syst.

[10] Ali A. Ghorbani, et al. DroidKin: Lightweight Detection of Android Apps Similarity, 2014, SecureComm.

[11] Gianluca Stringhini, et al. Eight Years of Rider Measurement in the Android Malware Ecosystem, 2018, IEEE Transactions on Dependable and Secure Computing.

[12] Abdelouahid Derhab, et al. MalDozer: Automatic framework for android malware detection using deep learning, 2018, Digit. Investig.

[13] Ali Feizollah, et al. AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection, 2017, Comput. Secur.

[14] Chun-Ying Huang, et al. Performance Evaluation on Permission-Based Detection for Android Malware, 2013.

[15] Hahn-Ming Lee, et al. DroidMat: Android Malware Detection through Manifest and API Calls Tracing, 2012, 2012 Seventh Asia Joint Conference on Information Security.

[16] Nicolas Christin, et al. Evading android runtime analysis via sandbox detection, 2014, AsiaCCS.

[17] Huy Kang Kim, et al. Function-Oriented Mobile Malware Analysis as First Aid, 2016, Mob. Inf. Syst.

[18] Valérie Viet Triem Tong, et al. Kharon dataset: Android malware under a microscope, 2016.

[19] Aziz Mohaisen, et al. Andro-Dumpsys: Anti-malware system based on the similarity of malware creator and malware centric information, 2016, Comput. Secur.

[20] Aristide Fattori, et al. CopperDroid: Automatic Reconstruction of Android Malware Behaviors, 2015, NDSS.

[21] Aziz Mohaisen, et al. Detecting and classifying method based on similarity matching of Android malware behavior with profile, 2016, SpringerPlus.

[22] Ali A. Ghorbani, et al. Towards a Network-Based Framework for Android Malware Detection and Characterization, 2017, 2017 15th Annual Conference on Privacy, Security and Trust (PST).

[23] Kouichi Sakurai, et al. Detection of Android API Call Using Logging Mechanism within Android Framework, 2013, SecureComm.

[24] Ali A. Ghorbani, et al. Toward Developing a Systematic Approach to Generate Benchmark Android Malware Datasets and Classification, 2018, 2018 International Carnahan Conference on Security Technology (ICCST).

[25] Sankardas Roy, et al. Deep Ground Truth Analysis of Current Android Malware, 2017, DIMVA.