
An Android Malware Detection Method Using Better API Contextual Information

  • Conference paper
Information Security and Cryptology (Inscrypt 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14527)


Abstract

The vast popularity of the Android platform has fueled the rapid expansion of Android malware, and existing detection methods struggle to detect it effectively. To address this issue, we propose an Android malware detection method using better API contextual information (BACI). First, BACI extracts the function call graph from each app. Second, we optimize the call graph by removing nodes of unknown functions while ensuring the connectivity between their predecessor and successor nodes. The optimized call graph yields more robust API contextual information that accurately represents app behavior. Third, we map the optimized call graph into a feature vector for malware detection in three steps: call pairs extraction, call pairs abstraction, and one-hot mapping. Finally, machine learning classifiers are used for malware detection. The experimental results demonstrate that BACI greatly outperforms the existing state-of-the-art methods and can effectively detect Android malware.

This research was supported by the National Natural Science Foundation of China (Grant No. 62201576, U1833107), the Scientific Research Project of the Tianjin Municipal Education Commission (Grant No. 2019KJ127), the Supporting Fund Project of the National Natural Science Foundation of China (Grant No. 3122023PT10), and the Discipline Development Funds of Civil Aviation University of China.
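The pipeline described in the abstract (node removal with predecessor/successor reconnection, then call pairs extraction, abstraction, and one-hot mapping), sketched as an added example that is not the authors' code. Assumptions: the page does not define which functions count as unknown, so `known` is a caller-supplied set; functions are written `package.Class:method`; abstraction keeps only the package name; the sample graph and vocabulary are constructed.

```python
# Added illustration of the pipeline in the abstract; not the authors' code.
# Assumptions: "known" is a caller-supplied set, functions are written
# "package.Class:method", and abstraction keeps only the package name.

def optimize_call_graph(edges, known):
    """Remove unknown nodes, bridging each predecessor to each successor."""
    succ, pred = {}, {}
    for u, v in edges:
        for n in (u, v):
            succ.setdefault(n, set())
            pred.setdefault(n, set())
        succ[u].add(v)
        pred[v].add(u)
    for node in [n for n in succ if n not in known]:
        ps = pred.pop(node) - {node}   # ignore self-loops on the removed node
        ss = succ.pop(node) - {node}
        for p in ps:                   # predecessors now call the successors
            succ[p].discard(node)
            succ[p] |= ss
        for s in ss:                   # successors are now called by the predecessors
            pred[s].discard(node)
            pred[s] |= ps
    return {(u, v) for u, vs in succ.items() for v in vs}

def drop_unknown(edges, known):
    """Naive baseline: discard every edge that touches an unknown node."""
    return {(u, v) for u, v in edges if u in known and v in known}

def abstract(func):
    """Assumed abstraction: 'pkg.Class:method' -> 'pkg'."""
    return func.split(":")[0].rsplit(".", 1)[0]

def one_hot(edges, vocabulary):
    """Extract call pairs, abstract them, and map them onto a fixed vocabulary."""
    pairs = {(abstract(u), abstract(v)) for u, v in edges}
    return [int(p in pairs) for p in vocabulary]

# Constructed sample: a.a:a and b.c:d stand in for unknown functions.
SMS = "android.telephony.SmsManager:sendTextMessage"
EDGES = [("com.app.Main:onCreate", "a.a:a"), ("a.a:a", "b.c:d"), ("b.c:d", SMS),
         ("a.a:a", "java.net.URL:openConnection"),
         ("com.app.Main:onCreate", "android.util.Log:d")]
KNOWN = {"com.app.Main:onCreate", SMS, "java.net.URL:openConnection", "android.util.Log:d"}
VOCAB = [("com.app", "android.telephony"), ("com.app", "android.util"),
         ("com.app", "java.net"), ("java.net", "android.telephony")]

if __name__ == "__main__":
    print(one_hot(optimize_call_graph(EDGES, KNOWN), VOCAB))
    print(one_hot(drop_unknown(EDGES, KNOWN), VOCAB))
```

The naive baseline loses the SMS and network call pairs that are only reachable through the unknown nodes, while the reconnecting version keeps them in the feature vector.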




Correspondence to Liang Zhang or Ze Hu.


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Yang, H., Wang, Y., Zhang, L., Hu, Z., Jiang, L., Cheng, X. (2024). An Android Malware Detection Method Using Better API Contextual Information. In: Ge, C., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2023. Lecture Notes in Computer Science, vol 14527. Springer, Singapore. https://doi.org/10.1007/978-981-97-0945-8_2


  • DOI: https://doi.org/10.1007/978-981-97-0945-8_2


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-0944-1

  • Online ISBN: 978-981-97-0945-8

  • eBook Packages: Computer Science (R0)
