An Empirical Study on Android Malware Characterization by Social Network Analysis

Bibliographic Details
Published in: IEEE transactions on reliability Vol. 73; no. 1; pp. 757-770
Main Authors: Zhao, Haojun, Wu, Yueming, Zou, Deqing, Jin, Hai
Format: Journal Article
Language: English
Published: New York IEEE 01-03-2024
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Description
Summary: Android malware detection has always been a hot research field. Prior work has validated that graph-based Android malware detection methods are effective, and several works have been proposed to regard the call graph of an app as a social network for more efficient classification. However, a social network contains many properties and there is a lack of perception as to which social network properties are more useful in differentiating malware from benign apps. Therefore, in this article, we present the first empirical study to analyze Android malware by different social network properties. We conduct extensive statistical analysis on 100 000 Android apps and apply three feature ranking methods to research the ability of 57 social network properties on malware detection. Moreover, in an effort to validate the effectiveness of these social network properties on malware detection, we implement a tool called SNADroid by using these properties as features for models training and use it to complete classification. Our study reveals that the average triangles number is the most impactful social network property in distinguishing malware from benign apps. Combined with the experimental results and in-depth analysis, we present the 15 most effective features for graph-based malware detection using social properties as a guideline.
ISSN: 0018-9529, 1558-1721
DOI: 10.1109/TR.2023.3304389