Abstract
Malware is a serious threat that has been used to target mobile devices since its inception. Two types of mobile malware attacks are standalone: fraudulent mobile apps and injected malicious apps. Defending against the cyber threats of mobile malware requires a strong understanding of the permissions declared in applications and application programmeinterface (API) calls. In this paper, we propose an effective classification model that combines permission requests and API calls. As Android apps use a large number of APIs, we propose three different grouping strategies for choosing the most valuable API calls to maximize the likelihood of identifying Android malware apps: the ambiguous group, risky group, and disruptive group. The results demonstrate that compared with benign apps, malicious applications invoke a different set of API calls and that mobile malware often requests dangerous permissions to access sensitive data more often than benign apps. Empirical results obtained with a real malware dataset containing 27,891 Android apps suggest that our proposed method is effective at detecting mobile malware apps and achieves an F-measure of 94.3%. Our model can significantly assist in the process of malware forensic investigation and mobile application analysis.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.