Analyzing the Effects of API Calls in Android Malware Detection Using Machine Learning

Seonghyun Park, Munyeong Kang, Jihyeon Park, Seong-je Cho, Sangchul Han

http://doi.org/10.5626/JOK.2021.48.3.257

This paper evaluates the effect of preprocessing and representing API call information on the accuracy of the system to detect malicious Android apps. We extract API calls that access or control sensitive data from target apps, and use the calls in machine learning algorithms to detect malicious apps. We then determine which expression of the API calls is most effective in classifying the apps as malicious or benign. Four ways of representing each API call are considered: class/method name with and without arguments/return type, and its presence (whether an API is called or not) and its frequency if called. The detection system has performed slightly better when the arguments/return type and the frequency of each API call were considered together. Its feature size was most efficient when considering the class/method name and the presence of each API call.