{"title":"ASDroid: Resisting Evolving Android Malware With API Clusters Derived From Source Code","authors":"Qihua Hu;Weiping Wang;Hong Song;Song Guo;Jian Zhang;Shigeng Zhang","doi":"10.1109/TIFS.2025.3536280","DOIUrl":null,"url":null,"abstract":"Machine learning-based Android malware detection has consistently demonstrated superior results. However, with the continual evolution of the Android framework, the efficacy of the deployed models declines markedly. Existing solutions necessitate frequent and expensive model retraining to resist the constant evolution of malware accompanying Android framework updates. To address this, we introduce a solution called ASDroid, which generalizes specific APIs into similar API clusters to counteract evolving Android malware threats. One primary challenge lies in identifying analogous API clusters that correspond to specific APIs. Our approach involves extracting semantic information from open-source API source code to construct a heterogeneous information graph, and utilizing embedding algorithms to obtain semantic vector representations of APIs. APIs that are close in embedding distance are presumed to have similar semantics. Our dataset encompasses Android applications spanning nine years from 2011 to 2019. In comparison to existing Android malware detection model aging mitigation solutions like APIGraph, SDAC and MaMaDroid, ASDroid demonstrates greater accuracy and more effective at resisting continuously evolving malware.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"1822-1835"},"PeriodicalIF":6.3000,"publicationDate":"2025-02-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Information Forensics and Security","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10884652/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 0
Abstract
Machine learning-based Android malware detection has consistently demonstrated superior results. However, with the continual evolution of the Android framework, the efficacy of the deployed models declines markedly. Existing solutions necessitate frequent and expensive model retraining to resist the constant evolution of malware accompanying Android framework updates. To address this, we introduce a solution called ASDroid, which generalizes specific APIs into similar API clusters to counteract evolving Android malware threats. One primary challenge lies in identifying analogous API clusters that correspond to specific APIs. Our approach involves extracting semantic information from open-source API source code to construct a heterogeneous information graph, and utilizing embedding algorithms to obtain semantic vector representations of APIs. APIs that are close in embedding distance are presumed to have similar semantics. Our dataset encompasses Android applications spanning nine years from 2011 to 2019. In comparison to existing Android malware detection model aging mitigation solutions like APIGraph, SDAC and MaMaDroid, ASDroid demonstrates greater accuracy and more effective at resisting continuously evolving malware.
期刊介绍:
The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
