Intelligent mobile malware detection using permission requests and API calls

作     者：Alazab, Moutaz Alazab, Mamoun Shalaginov, Andrii Mesleh, Abdelwadood Awajan, Albara 

作者机构：Al Balqa Appl Univ Fac Artificial Intelligence Salt Jordan Charles Darwin Univ Coll Engn IT & Environm Darwin NT Australia Norwegian Univ Sci & Technol Fac Informat Technol & Elect Engn Trondheim Norway 

出 版 物：《FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE》 (下代计算机系统)

年 卷 期：2020年第107卷

页      面：509-521页

核心收录：

学科分类：08[工学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：Department of Corporate and Information Services  Northern Territory Government of Australia 

主　　题：Mobile malware Malware detection Mobile security IoT API calls Android permissions 

摘      要：Malware is a serious threat that has been used to target mobile devices since its inception. Two types of mobile malware attacks are standalone: fraudulent mobile apps and injected malicious apps. Defending against the cyber threats of mobile malware requires a strong understanding of the permissions declared in applications and application programmeinterface (API) calls. In this paper, we propose an effective classification model that combines permission requests and API calls. As Android apps use a large number of APIs, we propose three different grouping strategies for choosing the most valuable API calls to maximize the likelihood of identifying Android malware apps: the ambiguous group, risky group, and disruptive group. The results demonstrate that compared with benign apps, malicious applications invoke a different set of API calls and that mobile malware often requests dangerous permissions to access sensitive data more often than benign apps. Empirical results obtained with a real malware dataset containing 27,891 Android apps suggest that our proposed method is effective at detecting mobile malware apps and achieves an F-measure of 94.3%. Our model can significantly assist in the process of malware forensic investigation and mobile application analysis. (C) 2020 Elsevier B.V. All rights reserved.