DecaDroid Classification and Characterization of Malicious Behaviour in Android Applications

Charu Gupta (Indira Gandhi Delhi Technical University for Women, Delhi, India), Rakesh Kumar Singh (Indira Gandhi Delhi Technical University for Women, Delhi, India), Simran Kaur Bhatia (Indira Gandhi Delhi Technical University for Women, Delhi, India) and Amar Kumar Mohapatra (Indira Gandhi Delhi Technical University for Women, Delhi, India)
Copyright: © 2020 |Pages: 17
DOI: 10.4018/IJISP.2020100104

Abstract

Widespread use of Android-based applications on smartphones has resulted in significant growth in security attack incidents. Malware-based attacks are the most common attacks on Android-based smartphones. To forestall malware from attacking users, a much better understanding of Android malware and its behaviour is required. In this article, an approach to classify and characterise the malicious behaviour of Android applications using static features, data flow analysis, and machine learning techniques is proposed. Static features such as hardware components, permissions, Android components and inter-component communication, along with unique source-sink pairs obtained from data flow analysis, have been used to extract the features of the Android applications. Based on the extracted features, the malicious behaviour of the applications has been classified into their respective malware families. The proposed approach has given a 95.19% accuracy rate and an F1 measure of 92.19302, with the largest number of malware families classified as compared to previous work.
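
The static feature categories named in the abstract can be read from an app's manifest. The following is an added example, not code from the article or its authors: it assumes the manifest has already been decoded to plain XML, uses a constructed sample manifest and a hypothetical `category::value` naming scheme, and does not cover the source-sink pairs, which require data flow analysis.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample manifest (already decoded to plain XML); not from the article.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-feature android:name="android.hardware.telephony"/>
  <uses-feature android:glEsVersion="0x00020000"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""


def _names(root, tag):
    """Yield android:name of every <tag> element, skipping ones without it."""
    for el in root.iter(tag):
        value = el.get(ANDROID_NS + "name")
        if value:
            yield value


def extract_static_features(manifest_xml):
    """Return 'category::value' strings (hypothetical naming) for one manifest."""
    root = ET.fromstring(manifest_xml)
    features = set()
    features.update("hardware::" + n for n in _names(root, "uses-feature"))
    features.update("permission::" + n for n in _names(root, "uses-permission"))
    for tag in COMPONENT_TAGS:
        features.update("component::" + n for n in _names(root, tag))
    # Intent-filter actions stand in for inter-component communication features.
    features.update("intent::" + n for n in _names(root, "action"))
    return features


def to_vector(features, vocabulary):
    """Binary row over a fixed vocabulary, the form a classifier consumes."""
    return [1 if term in features else 0 for term in vocabulary]
```
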
Article Preview

In the literature, various approaches have been proposed based on static and dynamic analysis of Android applications. Vidyarthi et al. (2017) proposed a combined approach for both static and dynamic analysis of malware in Windows executables using text mining. Some approaches for the detection of Android malware use static analysis. These include code inspection and decompiling of the DEX code of Android apps (Arp et al., 2014). Androguard (Desnos & Gueguen, 2011) is an open-source tool that can manipulate all formats (APK, DEX, Dalvik bytecode, Android's binary XML) to automate testing directly in a program or a specific interpreter. It provides details on variables, fields, methods, permissions, etc. It can thus be used for basic debugging, by extending the operations of the intermediate representation.
