DroidAPIMiner: Mining API-level features for robust malware detection in android

Yousra Aafer; Wenliang Du; Heng Yin

doi:10.1007/978-3-319-04283-1_6

DroidAPIMiner: Mining API-level features for robust malware detection in android

Yousra Aafer, Wenliang Du, Heng Yin

Department of Electrical Engineering & Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

397 Scopus citations

Abstract

The increasing popularity of Android apps makes them the target of malware authors. To defend against this severe increase of Android malwares and help users make a better evaluation of apps at install time, several approaches have been proposed. However, most of these solutions suffer from some shortcomings; computationally expensive, not general or not robust enough. In this paper, we aim to mitigate Android malware installation through providing robust and lightweight classifiers. We have conducted a thorough analysis to extract relevant features to malware behavior captured at API level, and evaluated different classifiers using the generated feature set. Our results show that we are able to achieve an accuracy as high as 99% and a false positive rate as low as 2.2% using KNN classifier.

Original language	English (US)
Title of host publication	Security and Privacy in Communication Networks - 9th International ICST Conference, SecureComm 2013, Revised Selected Papers
Editors	Tanveer Zia, Albert Zomaya, Vijay Varadharajan, Morley Mao
Publisher	Springer Verlag
Pages	86-103
Number of pages	18
ISBN (Print)	9783319042824
DOIs	https://doi.org/10.1007/978-3-319-04283-1_6
State	Published - 2013
Event	9th International Conference on Security and Privacy in Communication Networks, SecureComm 2013 - Sydney, Australia Duration: Sep 25 2013 → Sep 28 2013

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	127 LNICST
ISSN (Print)	1867-8211

Other

Other	9th International Conference on Security and Privacy in Communication Networks, SecureComm 2013
Country/Territory	Australia
City	Sydney
Period	9/25/13 → 9/28/13

Keywords

Android
Classification
Malware
Static detection

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1007/978-3-319-04283-1_6

Cite this

Aafer, Y., Du, W., & Yin, H. (2013). DroidAPIMiner: Mining API-level features for robust malware detection in android. In T. Zia, A. Zomaya, V. Varadharajan, & M. Mao (Eds.), Security and Privacy in Communication Networks - 9th International ICST Conference, SecureComm 2013, Revised Selected Papers (pp. 86-103). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 127 LNICST). Springer Verlag. https://doi.org/10.1007/978-3-319-04283-1_6

DroidAPIMiner : Mining API-level features for robust malware detection in android. / Aafer, Yousra; Du, Wenliang; Yin, Heng.

Security and Privacy in Communication Networks - 9th International ICST Conference, SecureComm 2013, Revised Selected Papers. ed. / Tanveer Zia; Albert Zomaya; Vijay Varadharajan; Morley Mao. Springer Verlag, 2013. p. 86-103 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 127 LNICST).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Aafer, Y, Du, W & Yin, H 2013, DroidAPIMiner: Mining API-level features for robust malware detection in android. in T Zia, A Zomaya, V Varadharajan & M Mao (eds), Security and Privacy in Communication Networks - 9th International ICST Conference, SecureComm 2013, Revised Selected Papers. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 127 LNICST, Springer Verlag, pp. 86-103, 9th International Conference on Security and Privacy in Communication Networks, SecureComm 2013, Sydney, Australia, 9/25/13. https://doi.org/10.1007/978-3-319-04283-1_6

Aafer Y, Du W, Yin H. DroidAPIMiner: Mining API-level features for robust malware detection in android. In Zia T, Zomaya A, Varadharajan V, Mao M, editors, Security and Privacy in Communication Networks - 9th International ICST Conference, SecureComm 2013, Revised Selected Papers. Springer Verlag. 2013. p. 86-103. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). https://doi.org/10.1007/978-3-319-04283-1_6

Aafer, Yousra ; Du, Wenliang ; Yin, Heng. / DroidAPIMiner : Mining API-level features for robust malware detection in android. Security and Privacy in Communication Networks - 9th International ICST Conference, SecureComm 2013, Revised Selected Papers. editor / Tanveer Zia ; Albert Zomaya ; Vijay Varadharajan ; Morley Mao. Springer Verlag, 2013. pp. 86-103 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{c5b8c7e6f633456dae01d92f1b919a84,

title = "DroidAPIMiner: Mining API-level features for robust malware detection in android",

abstract = "The increasing popularity of Android apps makes them the target of malware authors. To defend against this severe increase of Android malwares and help users make a better evaluation of apps at install time, several approaches have been proposed. However, most of these solutions suffer from some shortcomings; computationally expensive, not general or not robust enough. In this paper, we aim to mitigate Android malware installation through providing robust and lightweight classifiers. We have conducted a thorough analysis to extract relevant features to malware behavior captured at API level, and evaluated different classifiers using the generated feature set. Our results show that we are able to achieve an accuracy as high as 99% and a false positive rate as low as 2.2% using KNN classifier.",

keywords = "Android, Classification, Malware, Static detection",

author = "Yousra Aafer and Wenliang Du and Heng Yin",

note = "Funding Information: Acknowledgment. We would like to thank anonymous reviewers for their comments. This research was supported in part by NSF grants #1017771, #1018217, #1054605, and #1116932, Google research grant, and McAfee research grant. Any opinion, findings, conclusions, or recommendations are those of the authors and not necessarily of the funding agencies.; 9th International Conference on Security and Privacy in Communication Networks, SecureComm 2013 ; Conference date: 25-09-2013 Through 28-09-2013",

year = "2013",

doi = "10.1007/978-3-319-04283-1_6",

language = "English (US)",

isbn = "9783319042824",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Verlag",

pages = "86--103",

editor = "Tanveer Zia and Albert Zomaya and Vijay Varadharajan and Morley Mao",

booktitle = "Security and Privacy in Communication Networks - 9th International ICST Conference, SecureComm 2013, Revised Selected Papers",

}

TY - GEN

T1 - DroidAPIMiner

T2 - 9th International Conference on Security and Privacy in Communication Networks, SecureComm 2013

AU - Aafer, Yousra

AU - Du, Wenliang

AU - Yin, Heng

N1 - Funding Information: Acknowledgment. We would like to thank anonymous reviewers for their comments. This research was supported in part by NSF grants #1017771, #1018217, #1054605, and #1116932, Google research grant, and McAfee research grant. Any opinion, findings, conclusions, or recommendations are those of the authors and not necessarily of the funding agencies.

PY - 2013

Y1 - 2013

N2 - The increasing popularity of Android apps makes them the target of malware authors. To defend against this severe increase of Android malwares and help users make a better evaluation of apps at install time, several approaches have been proposed. However, most of these solutions suffer from some shortcomings; computationally expensive, not general or not robust enough. In this paper, we aim to mitigate Android malware installation through providing robust and lightweight classifiers. We have conducted a thorough analysis to extract relevant features to malware behavior captured at API level, and evaluated different classifiers using the generated feature set. Our results show that we are able to achieve an accuracy as high as 99% and a false positive rate as low as 2.2% using KNN classifier.

AB - The increasing popularity of Android apps makes them the target of malware authors. To defend against this severe increase of Android malwares and help users make a better evaluation of apps at install time, several approaches have been proposed. However, most of these solutions suffer from some shortcomings; computationally expensive, not general or not robust enough. In this paper, we aim to mitigate Android malware installation through providing robust and lightweight classifiers. We have conducted a thorough analysis to extract relevant features to malware behavior captured at API level, and evaluated different classifiers using the generated feature set. Our results show that we are able to achieve an accuracy as high as 99% and a false positive rate as low as 2.2% using KNN classifier.

KW - Android

KW - Classification

KW - Malware

KW - Static detection

UR - http://www.scopus.com/inward/record.url?scp=85025148063&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85025148063&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-04283-1_6

DO - 10.1007/978-3-319-04283-1_6

M3 - Conference contribution

AN - SCOPUS:85025148063

SN - 9783319042824

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 86

EP - 103

BT - Security and Privacy in Communication Networks - 9th International ICST Conference, SecureComm 2013, Revised Selected Papers

A2 - Zia, Tanveer

A2 - Zomaya, Albert

A2 - Varadharajan, Vijay

A2 - Mao, Morley

PB - Springer Verlag

Y2 - 25 September 2013 through 28 September 2013

ER -

DroidAPIMiner: Mining API-level features for robust malware detection in android

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this