2019 International Carnahan Conference on Security Technology (ICCST) | 2019

Extensible Android Malware Detection and Family Classification Using Network-Flows and API-Calls

Abstract


Android OS-based mobile devices have attracted numerous end-users since they are convenient to work with and offer a variety of features. As a result, Android has become one of the most important targets for attackers to act on their malicious intentions. Every year, researchers propose novel Android malware analyzer frameworks to defend against real-world Android malware apps. The researchers require an inclusive Android dataset to assess their Android analyzers. However, generating a comprehensive Android malware dataset is a challenging task in the field of malware scrutiny. In 2018, we made the first part of our Android malware dataset, CICAndMal2017 [16], publicly available while performing dynamic analyses on real smartphones. In this paper, we make the second part of the CICAndMal2017 dataset [16] publicly available, which includes permissions and intents as static features, and API calls as dynamic features. In addition, we examine these features with our two-layer Android malware analyzer. According to our analyses, we succeeded in achieving 95.3% precision in Static-Based Malware Binary Classification at the first layer, and 83.3% precision in Dynamic-Based Malware Category Classification and 59.7% precision in Dynamic-Based Malware Family Classification at the second layer.

Pages 1-8
DOI 10.1109/CCST.2019.8888430
Language English
Journal 2019 International Carnahan Conference on Security Technology (ICCST)
