Abstract
The vast popularity of the Android platform has fueled the rapid expansion of Android malware, and existing detection methods struggle to detect it effectively. To address this issue, we propose an Android malware detection method using better API contextual information (BACI). First, BACI extracts the function call graph from each app. Second, we optimize the call graph by removing the nodes of unknown functions while preserving the connectivity between their predecessor and successor nodes. The optimized call graph yields more robust API contextual information that accurately represents app behavior. Third, we map the optimized call graph into a feature vector for malware detection in three steps: call pair extraction, call pair abstraction, and one-hot mapping. Finally, machine learning classifiers are used for malware detection. The experimental results demonstrate that BACI greatly outperforms the existing state-of-the-art methods and can effectively detect Android malware.
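The graph optimization and feature mapping outlined in the abstract, as an added illustration that is not the authors' implementation. Assumptions: a function is "unknown" when its name matches none of `KNOWN_PREFIXES`, abstraction truncates a method name to its package, and the call graph and vocabulary are constructed sample data.

```python
# Added example. Assumption: names outside these prefixes count as "unknown".
KNOWN_PREFIXES = ("android.", "java.", "com.app.")

# Constructed call graph (caller -> callees); a.b.c and a.b.d are unknown functions.
CALL_GRAPH = {
    "com.app.Main.onCreate": ["a.b.c", "android.telephony.TelephonyManager.getDeviceId"],
    "a.b.c": ["a.b.d", "java.net.URL.openConnection"],
    "a.b.d": ["android.telephony.SmsManager.sendTextMessage", "a.b.c"],
}
# Constructed vocabulary of abstracted call pairs (normally built from a training set).
VOCAB = [("com.app", "android.telephony"), ("com.app", "java.net"),
         ("java.net", "android.telephony")]

def is_known(fn):
    return fn.startswith(KNOWN_PREFIXES)

def optimize(graph, bridge=True):
    """Drop unknown nodes; with bridge=True, connect each predecessor to each successor."""
    succ = {}
    for caller, callees in graph.items():
        succ.setdefault(caller, set()).update(callees)
        for callee in callees:
            succ.setdefault(callee, set())
    for node in sorted(n for n in succ if not is_known(n)):
        outs = succ.pop(node) - {node}
        for pred in [p for p in succ if node in succ[p]]:
            succ[pred].discard(node)
            if bridge:
                succ[pred] |= outs - {pred}  # keep the path, add no self-loop
    return succ

def call_pairs(graph):
    """Call pair extraction: every (caller, callee) edge."""
    return {(caller, callee) for caller, callees in graph.items() for callee in callees}

def abstract(fn):
    """Call pair abstraction (assumed package level): drop class and method name."""
    return ".".join(fn.split(".")[:-2])

def abstract_pairs(graph):
    return {(abstract(a), abstract(b)) for a, b in call_pairs(graph)}

def feature_vector(graph, vocab=VOCAB, bridge=True):
    """One-hot mapping: 1 where a vocabulary pair occurs in the optimized graph."""
    present = abstract_pairs(optimize(graph, bridge))
    return [1 if pair in present else 0 for pair in vocab]

if __name__ == "__main__":
    print("bridged:", feature_vector(CALL_GRAPH))                # keeps java.net context
    print("naive:  ", feature_vector(CALL_GRAPH, bridge=False))  # loses it
```

Deleting the unknown nodes without bridging leaves only the direct `getDeviceId` edge, so the network and SMS calls reached through `a.b.c` and `a.b.d` disappear from the feature vector.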
This research was supported by the National Natural Science Foundation of China (Grant No. 62201576, U1833107), the Scientific Research Project of the Tianjin Municipal Education Commission (Grant No. 2019KJ127), the Supporting Fund Project of the National Natural Science Foundation of China (Grant No. 3122023PT10), and the Discipline Development Funds of Civil Aviation University of China.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Yang, H., Wang, Y., Zhang, L., Hu, Z., Jiang, L., Cheng, X. (2024). An Android Malware Detection Method Using Better API Contextual Information. In: Ge, C., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2023. Lecture Notes in Computer Science, vol 14527. Springer, Singapore. https://doi.org/10.1007/978-981-97-0945-8_2
DOI: https://doi.org/10.1007/978-981-97-0945-8_2
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-0944-1
Online ISBN: 978-981-97-0945-8
eBook Packages: Computer Science, Computer Science (R0)