Android is currently the most widely used smartphone platform in the world. Because of its popularity and open-source nature, Android malware has grown rapidly in recent years and poses serious risks to users' privacy. Malware applications in the same family tend to share features and exhibit similar behavior, which helps with malware detection and inspection; classifying Android malware into its corresponding family is therefore an important task in malware analysis. The main problem with existing work on Android malware family classification is twofold: the extracted features are inadequate to represent the behavior that members of a malicious family have in common, and relying on a single classifier or a statically weighted ensemble limits further gains in classification accuracy. In this paper, we propose DroidMFC, a novel Android malware family classification scheme based on static analysis. DroidMFC extracts explicit features, including permissions, hardware components, app components and intent filters, from the APK file of a malware application. In addition, a hidden feature generated from the extracted APIs represents the API call relationships within the application. We then design an adaptive weighted ensemble classifier, which weights each base classifier according to how well it suits the sample being classified, to carry out accurate malware family classification. We evaluated DroidMFC on the Drebin dataset, which contains 5560 Android malicious applications, and demonstrated its superiority by comparing it with 5 traditional machine learning models and 4 state-of-the-art reference schemes. DroidMFC correctly classifies 98.92% of malware samples into their families and achieves a 99.12% F1-score.
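As an added illustration (not the paper's code), the following Python sketch shows the two stages the abstract names: extracting the explicit manifest features (permissions, hardware components, app components, intent-filter actions) into a feature set, and combining base classifiers with weights that depend on the sample being classified. The manifest, the training and validation samples, the family labels, the two toy base learners and the local-accuracy weighting rule are all constructed for this example; the paper's hidden API-relationship feature and its exact weighting scheme are not reproduced here.

```python
"""Illustration of manifest feature extraction plus a sample-adaptive weighted
ensemble. Everything below (manifest, families, base learners, weighting rule)
is constructed for this example and is not DroidMFC's own implementation."""
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
MAIN = "android.intent.action.MAIN"
BOOT = "android.intent.action.BOOT_COMPLETED"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed, already-decoded AndroidManifest.xml. Inside a real APK the
# manifest is binary AXML and must be decoded first (e.g. apktool, androguard).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-feature android:name="android.hardware.telephony"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <service android:name=".BackgroundService"/>
  </application>
</manifest>
"""


def extract_explicit_features(manifest_xml: str) -> set:
    """Explicit features named in the abstract, each tagged with its kind:
    permissions, hardware components, app components, intent-filter actions."""
    root = ET.fromstring(manifest_xml)
    out = {"perm:" + e.get(NAME, "") for e in root.iter("uses-permission")}
    out |= {"hw:" + e.get(NAME, "") for e in root.iter("uses-feature")}
    for tag in ("activity", "service", "receiver", "provider"):
        out |= {f"comp:{tag}:" + e.get(NAME, "") for e in root.iter(tag)}
    for filt in root.iter("intent-filter"):
        out |= {"intent:" + a.get(NAME, "") for a in filt.iter("action")}
    return out


def build_features(perms=(), hw=(), comps=(), intents=()) -> set:
    """Shorthand for the hand-written (constructed) training/validation samples."""
    return ({f"perm:android.permission.{p}" for p in perms}
            | {f"hw:android.hardware.{h}" for h in hw}
            | {f"comp:{c}" for c in comps}
            | {f"intent:{i}" for i in intents})


# Constructed labelled samples; "sms_family" / "ad_family" are made-up labels.
TRAINING = [
    (build_features(("SEND_SMS", "RECEIVE_SMS", "READ_PHONE_STATE"), ("telephony",),
                    ("receiver:.SmsReceiver",), (SMS_RECEIVED, MAIN)), "sms_family"),
    (build_features(("SEND_SMS", "INTERNET"), (), ("activity:.MainActivity",), (MAIN, BOOT)), "sms_family"),
    (build_features(("INTERNET", "ACCESS_NETWORK_STATE", "WAKE_LOCK"), (),
                    ("service:.AdService", "activity:.MainActivity"), (MAIN, BOOT)), "ad_family"),
    (build_features(("INTERNET", "ACCESS_WIFI_STATE"), (), ("receiver:.BootReceiver",), (BOOT,)), "ad_family"),
]
VALIDATION = [
    (build_features(("SEND_SMS", "READ_PHONE_STATE"), ("telephony",),
                    ("receiver:.SmsReceiver",), (SMS_RECEIVED,)), "sms_family"),
    (build_features(("INTERNET", "ACCESS_NETWORK_STATE"), (),
                    ("service:.AdService", "activity:.MainActivity"), (MAIN, BOOT)), "ad_family"),
    (build_features(("INTERNET", "SEND_SMS"), (), ("receiver:.BootReceiver",), (BOOT,)), "sms_family"),
]


def jaccard(a: set, b: set) -> float:
    return len(a & b) / len(a | b) if (a | b) else 0.0


def argmax(probs: dict) -> str:
    return max(probs, key=probs.get)


def make_view_classifier(training, keep):
    """Toy base learner: nearest-prototype (Jaccard) over the features selected
    by `keep`. Returns a callable mapping a feature set to a probability per family."""
    protos = {}
    for fs, label in training:
        protos.setdefault(label, set()).update(f for f in fs if keep(f))

    def classify(fs):
        view = {f for f in fs if keep(f)}
        sims = {label: jaccard(view, proto) for label, proto in protos.items()}
        total = sum(sims.values())
        return {l: (s / total if total else 1 / len(sims)) for l, s in sims.items()}
    return classify


def adaptive_weighted_predict(sample, classifiers, validation, k=3):
    """Sample-adaptive weighting (an assumed rule, not necessarily the paper's):
    each base classifier is weighted by its Laplace-smoothed accuracy on the k
    validation samples most similar to `sample`, so a learner that is competent
    in this region of feature space gets more say than one that is not."""
    neigh = sorted(validation, key=lambda v: jaccard(sample, v[0]), reverse=True)[:k]
    weights = []
    for clf in classifiers:
        hits = sum(1 for fs, label in neigh if argmax(clf(fs)) == label)
        weights.append((hits + 1) / (len(neigh) + 2))
    scores = Counter()
    for w, clf in zip(weights, classifiers):
        for label, p in clf(sample).items():
            scores[label] += w * p
    return argmax(scores), weights


# Two views of the same sample: permissions only, and everything else.
BASE_CLASSIFIERS = [
    make_view_classifier(TRAINING, lambda f: f.startswith("perm:")),
    make_view_classifier(TRAINING, lambda f: not f.startswith("perm:")),
]


def classify_manifest(manifest_xml: str):
    sample = extract_explicit_features(manifest_xml)
    return adaptive_weighted_predict(sample, BASE_CLASSIFIERS, VALIDATION)


if __name__ == "__main__":
    family, weights = classify_manifest(SAMPLE_MANIFEST)
    print(family, [round(w, 2) for w in weights])
```

The point of the per-sample weights is visible in `adaptive_weighted_predict`: instead of a fixed weight per base classifier, each classifier is scored on the validation samples that resemble the one being classified, so a view that happens to be unreliable for this kind of app is down-weighted for this app only. Replacing the toy prototype learners with real models and adding the API-relationship feature are the natural next steps a practitioner would take.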