Intelligent mobile malware detection using permission requests and API calls

Moutaz Alazab, Mamoun Alazab, Andrii Shalaginov, Abdelwadood Mesleh, Albara Awajan

    Research output: Contribution to journal, Article, peer-review

    178 Citations (Scopus)

    Abstract

    Malware is a serious threat that has been used to target mobile devices since its inception. Two types of mobile malware attacks are standalone: fraudulent mobile apps and injected malicious apps. Defending against the cyber threats of mobile malware requires a strong understanding of the permissions declared in applications and application program interface (API) calls. In this paper, we propose an effective classification model that combines permission requests and API calls. As Android apps use a large number of APIs, we propose three different grouping strategies for choosing the most valuable API calls to maximize the likelihood of identifying Android malware apps: the ambiguous group, risky group, and disruptive group. The results demonstrate that compared with benign apps, malicious applications invoke a different set of API calls and that mobile malware often requests dangerous permissions to access sensitive data more often than benign apps. Empirical results obtained with a real malware dataset containing 27,891 Android apps suggest that our proposed method is effective at detecting mobile malware apps and achieves an F-measure of 94.3%. Our model can significantly assist in the process of malware forensic investigation and mobile application analysis.
    Original language: English
    Pages (from-to): 509-521
    Number of pages: 13
    Journal: Future Generation Computer Systems: the international journal of grid computing: theory, methods and applications
    Volume: 107
    Early online date: 5 Feb 2020
    Publication status: Published - Jun 2020
