SAPIMMDS: Suspicious API-based Mobile Malware Detection System
1. Introduction
Recently, mobile security threats have emerged because of the fast growth in mobile technologies and the essential role that mobile devices play in our daily lives. For that, and especially to address threat associated with malware, various malware analysis methods are developed in the literature to defend against mobile threats. Recent few works focus on the fact that the main purpose or functions of the malware are not changed. Instead of extracting API call patterns for malware in each family, we must focus on API call patterns for certain malicious functions. However, such approaches based on API call patterns have not been empirically well studied yet. In this study, with a large set of data, we empirically study whether or not such approach generates superior results. To the best of our knowledge, we proposed a novel method of the function-oriented malware analysis approach based on suspicious API call patterns. Our proposed method dumps meaningful volatile memory section where a target application is allocated on an Android emulator, and extracts suspicious APIs from bytecode, as comparing with the pre-defined suspicious API call list. By matching API call patterns of the target application with our function database, our method decides whether or not it is malicious.
2. Publication
Jae-wook Jang and Huy Kang Kim, “Function-Oriented Mobile Malware Analysis as First Aid,” Mobile Information Systems, vol. 2016, Article ID 6707524, 11 pages, 2016. doi:10.1155/2016/6707524
3. Dataset Release
For academic purposes, we are happy to release our dataset. However, to avoid indiscriminate distribution of mobile malware, you need the password to unzip the dataset. Please send us a request sent by your official email account. If you use our dataset for your experiment, please cite our paper.
Contact: Huy Kang Kim (cenda at korea.ac.kr)
Dataset Download Link: Download
4. Acknowledgement
SAPIMMDS is developed by Hacking and Countermeasure Research Lab in the Graduate School of Information Security at the Korea University of Korea.
Please contact “Huy Kang Kim” (cenda at korea.ac.kr) if you have any question.