Analysis of Android Malware Family Characteristic Based on Isomorphism of Sensitive API Call Graph

2017 ◽  
Author(s):  
Hao Zhou ◽  
Wei Zhang ◽  
Fengqiong Wei ◽  
Yunfang Chen
Keyword(s):  
Android Malware ◽  
Call Graph ◽  
Family Characteristic

scholarly journals Android Malware Detection Based on Structural Features of the Function Call Graph

Electronics ◽  
2021 ◽  
Vol 10 (2) ◽  
pp. 186
Author(s):  
Yang Yang ◽  
Xuehui Du ◽  
Zhi Yang ◽  
Xing Liu
Keyword(s):  
Malware Detection ◽  
Structural Features ◽  
Coarse Grained ◽  
Detection Methods ◽  
Convolutional Network ◽  
Android Malware ◽  
Call Graph ◽  
Android Apps ◽  
Android Malware Detection ◽  
Function Call

The openness of Android operating system not only brings convenience to users, but also leads to the attack threat from a large number of malicious applications (apps). Thus malware detection has become the research focus in the field of mobile security. In order to solve the problem of more coarse-grained feature selection and larger feature loss of graph structure existing in the current detection methods, we put forward a method named DGCNDroid for Android malware detection, which is based on the deep graph convolutional network. Our method starts by generating a function call graph for the decompiled Android application. Then the function call subgraph containing the sensitive application programming interface (API) is extracted. Finally, the function call subgraphs with structural features are trained as the input of the deep graph convolutional network. Thus the detection and classification of malicious apps can be realized. Through experimentation on a dataset containing 11,120 Android apps, the method proposed in this paper can achieve detection accuracy of 98.2%, which is higher than other existing detection methods.

scholarly journals Detecting Android Malwares with High-Efficient Hybrid Analyzing Methods

2018 ◽  
Vol 2018 ◽  
pp. 1-12 ◽  
Author(s):  
Yu Liu ◽  
Kai Guo ◽  
Xiangdong Huang ◽  
Zhou Zhou ◽  
Yichi Zhang
Keyword(s):  
High Efficiency ◽  
Cloud Services ◽  
Android Malware ◽  
Call Graph ◽  
Security Issues ◽  
Android Os ◽  
High Efficient ◽  
Function Call ◽  
Traditional Function ◽  
Feature Based

In order to tackle the security issues caused by malwares of Android OS, we proposed a high-efficient hybrid-detecting scheme for Android malwares. Our scheme employed different analyzing methods (static and dynamic methods) to construct a flexible detecting scheme. In this paper, we proposed some detecting techniques such as Com+ feature based on traditional Permission and API call features to improve the performance of static detection. The collapsing issue of traditional function call graph-based malware detection was also avoided, as we adopted feature selection and clustering method to unify function call graph features of various dimensions into same dimension. In order to verify the performance of our scheme, we built an open-access malware dataset in our experiments. The experimental results showed that the suggested scheme achieved high malware-detecting accuracy, and the scheme could be used to establish Android malware-detecting cloud services, which can automatically adopt high-efficiency analyzing methods according to the properties of the Android applications.

scholarly journals OpCode-Level Function Call Graph Based Android Malware Classification Using Deep Learning

Sensors ◽  
2020 ◽  
Vol 20 (13) ◽  
pp. 3645
Author(s):  
Weina Niu ◽  
Rong Cao ◽  
Xiaosong Zhang ◽  
Kangyi Ding ◽  
Kaimeng Zhang ◽  
...  
Keyword(s):  
Deep Learning ◽  
Short Term Memory ◽  
Machine Learning Techniques ◽  
Android Malware ◽  
Call Graph ◽  
Android Apps ◽  
Function Call ◽  
Android System ◽  
Iot Devices ◽  
Control Terminal

Due to the openness of an Android system, many Internet of Things (IoT) devices are running the Android system and Android devices have become a common control terminal for IoT devices because of various sensors on them. With the popularity of IoT devices, malware on Android-based IoT devices is also increasing. People’s lives and privacy security are threatened. To reduce such threat, many researchers have proposed new methods to detect Android malware. Currently, most malware detection products on the market are based on malware signatures, which have a fast detection speed and normally a low false alarm rate for known malware families. However, they cannot detect unknown malware and are easily evaded by malware that is confused or packaged. Many new solutions use syntactic features and machine learning techniques to classify Android malware. It has been known that analysis of the Function Call Graph (FCG) can capture behavioral features of malware well. This paper presents a new approach to classifying Android malware based on deep learning and OpCode-level FCG. The FCG is obtained through static analysis of Operation Code (OpCode), and the deep learning model we used is the Long Short-Term Memory (LSTM). We conducted experiments on a dataset with 1796 Android malware samples classified into two categories (obtained from Virusshare and AndroZoo) and 1000 benign Android apps. Our experimental results showed that our proposed approach with an accuracy of 97 % outperforms the state-of-the-art methods such as those proposed by Nikola et al. and Hou et al. (IJCAI-18) with the accuracy of 97 % and 91 % , respectively. The time consumption of our proposed approach is less than the other two methods.

scholarly journals DroidClone: Attack of the android malware clones - a step towards stopping them

2020 ◽  
pp. 35-35
Author(s):  
Shahid Alam ◽  
Ibrahim Sogukpinar
Keyword(s):  
False Positive Rate ◽  
Control Flow ◽  
Code Clones ◽  
Android Malware ◽  
Call Graph ◽  
Mobile Malware ◽  
Positive Rate ◽  
Android Applications ◽  
And Function ◽  
Specific Control

Code clones are frequent in use because they can be created fast with little effort and expense. Especially for malware writers, it is easier to create a clone of the original than writing a new malware. According to the recent Symantec threat reports, Android continues to be the most targeted mobile platform, and the number of new mobile malware clones grew by 54%. There is a need to develop techniques and tools to stop this attack of Android malware clones. To stop this attack, we propose DroidClone that exposes code clones (segments of code that are similar) in Android applications to help detect malware. DroidClone is the first such effort uses specific control flow patterns for reducing the effect of obfuscations and detect clones that are syntactically different but semantically similar up to a threshold. DroidClone is independent of the programming language of the code clones. When evaluated with real malware and benign Android applications, DroidClone obtained a detection rate of 94.2% and false positive rate of 5.6%. DroidClone, when tested against various obfuscations, was able to successfully provide resistance against all the trivial (Renaming methods, parameters, and nop insertion, etc) and some non-trivial (Call graph manipulation and function indirection, etc.) obfuscations.

Sign in / Sign up

Export Citation Format

Share Document