Abstract
Android has become a major target for malware attacks due its popularity and ease of distribution of applications. According to a recent study, around 11,000 new malware appear online on daily basis. Machine learning approaches have shown to perform well in detecting malware. In particular, API calls has been found to be one of the best performing features in malware detection. However, due to the functionalities provided by the Android SDK, applications can use many API calls, creating a computational overhead while training machine learning models. In this study, we look at the benefits of using feature selection to reduce this overhead. We consider three different feature selection algorithms, mutual information, variance threshold and Pearson correlation coefficient, when used with five different machine learning models: support vector machines, decision trees, random forests, Naïve Bayes and AdaBoost. We collected a dataset of 40,000 Android applications that used 134,207 different API calls. Our results show that the number of API calls can be reduced by approximately 95%, whilst still being more accurate than when the full API feature set is used. Random forests achieve the best discrimination between malware and benign applications, with an accuracy of 96.1%.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Turner, A.: How many smartphones are in the world? (2021). https://www.bankmycell.com/blog/how-many-phones-are-in-the-world. Accessed 31 July 2021
StatCounter: Mobile operating system market share worldwide (2021). http://gs.statcounter.com/os-market-share/mobile/worldwide. Accessed 16 Apr 2021
Google play store. https://play.google.com/store
Osborne, C.: Joker billing fraud malware found in google play store (2021). https://www.zdnet.com/article/joker-billing-fraud-malware-found-in-google-play-store/. Accessed 31 July 2021
Yu, B., Fang, Y., Yang, Q., Tang, Y., Liu, L.: A survey of malware behavior description and analysis. Front. Inf. Technol. Electron. Eng. 19(5), 583–603 (2018). https://doi.org/10.1631/FITEE.1601745
Peiravian, N., Zhu, X.: Machine learning for android malware detection using permission and API calls. In: 2013 IEEE 25th International Conference on Tools with Artificial Intelligence, pp. 300–305. IEEE, November 2013. http://ieeexplore.ieee.org/document/6735264/
Arp, D., Spreitzenbarth, M., Hübner, M., Gascon, H., Rieck, K.: DREBIN: effective and explainable detection of android malware in your pocket. In: Network and Distributed System Security Symposium (NDSS), no. August (2014)
Ma, Z., Ge, H., Liu, Y., Zhao, M., Ma, J.: A combination method for android malware detection based on control flow graphs and machine learning algorithms. IEEE Access 7(c), 21 235–21 245 (2019)
Jung, J., et al.: Android malware detection based on useful API calls and machine learning. In: Proceedings - 2018 1st IEEE International Conference on Artificial Intelligence and Knowledge Engineering, AIKE 2018, pp. 175–178 (2018)
Afonso, V.M., de Amorim, M.F., Grégio, A.R.A., Junquera, G.B., de Geus, P.L.: Identifying Android malware using dynamically obtained features. J. Comput. Virol. Hack. Tech. 11(1), 9–17 (2014). https://doi.org/10.1007/s11416-014-0226-7
Xiao, X., Zhang, S., Mercaldo, F., Hu, G., Sangaiah, A.K.: Android malware detection based on system call sequences and LSTM. Multimed. Tools Appl. 78(4), 3979–3999 (2017). https://doi.org/10.1007/s11042-017-5104-0
Saracino, A., Sgandurra, D., Dini, G., Martinelli, F.: MADAM: effective and efficient behavior-based android malware detection and prevention. IEEE Trans. Dependable Secure Comput. 15(1), 83–97 (2018)
Package index (2021). https://developer.android.com/reference/packages. Accessed 31 July 2021
R. Connor Tumbleson: Apktool (2019). https://ibotpeaches.github.io/Apktool/
Virusshare. https://virusshare.com
App downloads for android. https://en.uptodown.com/android. Accessed 31 July 2021
Apkmirror. https://www.apkmirror.com/. Accessed 31 July 2021
F-droid - free and open source android app repository. https://www.f-droid.org/. Accessed 31 July 2021
Virustotal. https://www.virustotal.com
Guyon, I., Elisseeff, A.: An introduction to variable and feature selection. J. Mach. Learn. Res. 3(null), 1157–1182 (2003)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Muzaffar, A., Ragab Hassen, H., Lones, M.A., Zantout, H. (2022). Android Malware Detection Using API Calls: A Comparison of Feature Selection and Machine Learning Models. In: Ragab Hassen, H., Batatia, H. (eds) Proceedings of the International Conference on Applied CyberSecurity (ACS) 2021. ACS 2021. Lecture Notes in Networks and Systems, vol 378. Springer, Cham. https://doi.org/10.1007/978-3-030-95918-0_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-95918-0_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-95917-3
Online ISBN: 978-3-030-95918-0
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)