Intelligent mobile malware detection using permission requests and API calls

Moutaz Alazab, Mamoun Alazab, Andrii Shalaginov, Abdelwadood Mesleh, Albara Awajan

Research output: Contribution to journalArticle

Abstract

Malware is a serious threat that has been used to target mobile devices since its inception. Two types of mobile malware attacks are standalone: fraudulent mobile apps and injected malicious apps. Defending against the cyber threats of mobile malware requires a strong understanding of the permissions declared in applications and application program interface (API) calls. In this paper, we propose an effective classification model that combines permission requests and API calls. As Android apps use a large number of APIs, we propose three different grouping strategies for choosing the most valuable API calls to maximize the likelihood of identifying Android malware apps: the ambiguous group, risky group, and disruptive group. The results demonstrate that compared with benign apps, malicious applications invoke a different set of API calls and that mobile malware often requests dangerous permissions to access sensitive data more often than benign apps. Empirical results obtained with a real malware dataset containing 27,891 Android apps suggest that our proposed method is effective at detecting mobile malware apps and achieves an F-measure of 94.3%. Our model can significantly assist in the process of malware forensic investigation and mobile application analysis.
Original languageEnglish
Pages (from-to)509-521
Number of pages13
JournalFuture Generation Computer Systems: the international journal of grid computing: theory, methods and applications
Volume107
Early online date5 Feb 2020
DOIs
Publication statusPublished - Jun 2020

Fingerprint Dive into the research topics of 'Intelligent mobile malware detection using permission requests and API calls'. Together they form a unique fingerprint.

  • Cite this