Intelligent Malware Detection Based on Hybrid Learning of API and ACG on Android

Kichang Kim, Eunbyeol Ko, Jinsung Kim, and Jeong Hyun Yi+
 

School of Software, Soongsil University, Seoul, 06978, Republic of Korea

{kckim7008, kongstar159, okokabv}@soongsil.ac.kr, jhyi@ssu.ac.kr

 

 

Abstract

Mobile devices will continue to be central in providing personalized services in the hyper-connected era following the introduction of 5G network services. If a mobile device is exposed to malware, there is a risk of the malware spreading in an instant to every device it is connected to. For example, malware can move from mobile devices to autonomous vehicles that share data through various sensors and that are capable of hyper-connection with a server or other device on a 5G network. It is thus becoming more important to preemptively anticipate the behavior of mobile malware using machine learning techniques based on pre-learned datasets. In this paper, we propose a scheme that identifies malicious code by extracting the APIs used in Android apps and applying hybrid machine learning based not only on APIs but also on the API call graph (ACG). The proposed scheme aims to reduce the false positives of existing approaches that use only APIs and to improve the performance problems of ACG approaches that use excessive features. In addition, we evaluate the proposed scheme by comparing and analyzing its experimental results against those of existing schemes on third-party malicious code samples.

Keywords: Malware Detection, Machine Learning, API, API Call Graph

 

+: Corresponding author: Jeong Hyun Yi

School of Software, Soongsil University, Seoul, Korea, 06978, Tel: +82-2-820-0914

 

Journal of Internet Services and Information Security (JISIS), 9(4): 39-48, November 2019

DOI: 10.22667/JISIS.2019.11.30.039