Abstract
In recent years, with the quiet popularity of mobile payment methods, mobile terminal equipment also have potential security problems while facilitating people’s lives. Behavior-based Android malware detection is mostly based on permission analysis and API calls. In this paper, we propose a static Android malicious detection scheme based on sensitive API calls. We extracted all APIs called in the experimental samples through decompilation, and then calculated and ranked the threats related to these APIs according to the mutual information model, selected the top 20 sensitive API calls, and generated a 20-dimensional feature vector for each application. In the classification process, an integrated learning model based on DT classifier, kNN classifier and SVM classifier is used to effectively detect unknown APK samples. We collected 516 benign samples and 528 malicious samples. Through a large number of experiments, the results show that the accuracy of our scheme can be up to 94%, and the precision is up to 95%.
Supported by Tianjin Nature Science Youth Foundation (No.18JCQNJC69900).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
IDC new report: Android account for 87% market share in 2019, iPhone only accounts for 13%. https://baijiahao.baidu.com/s?id=1644272367710328052&wfr=spider&for=pc. Accessed 10 Sept 2019
Android. https://www.android.com/. Accessed 30 Nov 2016
Enck, W., Gilbert, P., Han, S., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)
Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (2011), pp. 15–26. ACM (2011). https://doi.org/10.1145/2046614.2046619
Wu, S., Wang, P., Li, X., Zhang, Y.: Effective detection of android malware based on the usage of data flow APIs and machine learning. Inf. Softw. Technol. 75, 17–25 (2016)
Onwuzurike, L., Mariconti, E., Andriotis, P., De Cristofaro, E., Ross, G., Stringhini, G.: MaMaDroid: detecting android malware by building Markov chains of behavioral models (extended version). ACM Trans. Priv. Secur. 22(2), 1–34 (2019)
Kim, T., Kang, B., Rho, M., Sezer, S., Im, E.G.: A Multimodal Deep Learning Method for Android Malware Detection Using Various Features. IEEE Trans. Infor. Forensics and Secur. 14(3), 773–788 (2019). https://doi.org/10.1109/TIFS.2018.2866-319
Zhao, C., Zheng, W., Gong, L., et al.: Quick and accurate android malware detection based on sensitive APIs. In: IEEE International Conference on Smart Internet of Things. IEEE Computer Society, pp. 143–148 (2018)
Felt, A.P., Chin, E., Hanna, S., et al.: Android permissions demystied. In: ACM Conference on Computer & Communications Security, vol. 10, p. 627 (2011)
Guyon, I., Elisseeff, A., et al.: An introduction to variable and feature selection. J. Mach. Learn. Res. 3(6), 1157–1182 (2013)
Wang, X., Feng, D., Liu, J.: Exploring permission-induced risk in android applications for malicious application detection. IEEE Trans. Inf. Forensics Secur. 9(11), 1869–1882 (2014)
Xiang, C., Yang, P., Tian, C., Liu, Y.: Calibrate without calibrating: an iterative approach in participatory sensing network. IEEE Trans. Parallel Distrib. Syst. 26(2), 351–356 (2015)
Virusshare. http://virusshare.com. Accessed 30 Sept 2017
Google android market. https://play.google.com/store/apps?feature=corpus selector. Accessed 30 Jan 2017
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Yu, J., Zhao, C., Zheng, W., Li, Y., Zhang, C., Chen, C. (2021). Android Malware Detection Using Ensemble Learning on Sensitive APIs. In: Jiang, H., Wu, H., Zeng, F. (eds) Edge Computing and IoT: Systems, Management and Security. ICECI 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 368. Springer, Cham. https://doi.org/10.1007/978-3-030-73429-9_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-73429-9_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-73428-2
Online ISBN: 978-3-030-73429-9
eBook Packages: Computer ScienceComputer Science (R0)