Next Article in Journal
Analyzing Service Quality Evaluation Indexes of Rural Last Mile Delivery Using FCE and ISM Approach
Previous Article in Journal
Signal Timing Optimization Model Based on Bus Priority
Previous Article in Special Issue
Android Collusion: Detecting Malicious Applications Inter-Communication through SharedPreferences
Open AccessArticle

AndroDFA: Android Malware Classification Based on Resource Consumption

Department of Computer, Control, and Management Engineering Antonio Ruberti, Sapienza University of Rome, Via Ariosto 25, 00185 Rome, Italy
Cyber Security Research Group, School of Electronics and Computer Science, University of Southampton, University Road, Southampton SO17 1BJ, UK
Author to whom correspondence should be addressed.
A preliminary version of this paper “Android malware family classification based on resource consumption over time.” was published in the proceedings of the 12th International Conference on Malicious and Unwanted Software (MALWARE).
Information 2020, 11(6), 326;
Received: 27 April 2020 / Revised: 8 June 2020 / Accepted: 11 June 2020 / Published: 16 June 2020
(This article belongs to the Special Issue New Frontiers in Android Malware Analysis and Detection)
The vast majority of today’s mobile malware targets Android devices. An important task of malware analysis is the classification of malicious samples into known families. In this paper, we propose AndroDFA (DFA, detrended fluctuation analysis): an approach to Android malware family classification based on dynamic analysis of resource consumption metrics available from the proc file system. These metrics can be easily measured during sample execution. From each malware, we extract features through detrended fluctuation analysis (DFA) and Pearson’s correlation, then a support vector machine is employed to classify malware into families. We provide an experimental evaluation based on malware samples from two datasets, namely Drebin and AMD. With the Drebin dataset, we obtained a classification accuracy of 82%, comparable with works from the state-of-the-art like DroidScribe. However, compared to DroidScribe, our approach is easier to reproduce because it is based on publicly available tools only, does not require any modification to the emulated environment or Android OS, and by design, can also be used on physical devices rather than exclusively on emulators. The latter is a key factor because modern mobile malware can detect the emulated environment and hide its malicious behavior. The experiments on the AMD dataset gave similar results, with an overall mean accuracy of 78%. Furthermore, we made the software we developed publicly available, to ease the reproducibility of our results. View Full-Text
Keywords: malware; machine learning; Android malware; machine learning; Android
Show Figures

Figure 1

MDPI and ACS Style

Massarelli, L.; Aniello, L.; Ciccotelli, C.; Querzoni, L.; Ucci, D.; Baldoni, R. AndroDFA: Android Malware Classification Based on Resource Consumption. Information 2020, 11, 326.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

Search more from Scilit
Back to TopTop