Hybroid: A Novel Hybrid Android Malware Detection Framework

Yıl 2021, Cilt: 14 Sayı: 1, 331 - 356, 31.03.2021

Abdullah Talha Kabakuş

https://doi.org/10.18185/erzifbed.806683

Cited By: 1

Öz

Android, the most widely-used mobile operating system, attracts the attention of malware developers as well as benign users. Despite the serious proactive actions taken by Android, the Android malware is still widespread as a result of the increasing sophistication and the diversity of malware. Android malware detection systems are generally classified into two: (1) Static analysis, and (2) dynamic analysis. In this study, a novel Android malware detection framework, namely, Hybroid, was proposed which combines both the static and dynamic analysis techniques to benefit from the advantages of both of these techniques. An up-to-date version of Android, namely, Android Oreo, was specifically employed in order to handle the problem from an up-to-date perspective as the recent versions of Android provide new security mechanisms, which are discussed with this study. Hybroid was evaluated on a large dataset that consists of 10,658 applications, and the accuracy of Hybroid was calculated as high as 99.5% when it was utilized with the J48 classification algorithm which outperforms the state-of-the-art studies. The key findings in consequence of the experimental result are discussed in order to shed light on Android malware detection.

Anahtar Kelimeler

Android malware detection, mobile malware, mobile security, static analysis, dynamic analysis, Android

Kaynakça

• Aafer, Y., Du, W., & Yin, H. (2013). DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android. 9th International Conference on Security and Privacy in Communication Networks (SecureComm 2013), 86–103. Sydney, Australia. https://doi.org/10.1007/978-3-319-04283-1_6
• Afonso, V. M., de Amorim, M. F., Grégio, A. R. A., Junquera, G. B., & de Geus, P. L. (2015). Identifying Android malware using dynamically obtained features. Journal of Computer Virology and Hacking Techniques, 11(1), 9–17. https://doi.org/10.1007/s11416-014-0226-7
• Alzaylaee, M. K., Yerima, S. Y., & Sezer, S. (2017). Improving Dynamic Analysis of Android Apps Using Hybrid Test Input Generation. IEEE International Conference On Cyber Security And Protection Of Digital Services (Cyber Security 2017), 1–8. London, UK.
• Android – Google Play Protect. (2019). Retrieved March 28, 2020, from Google website: https://www.android.com/play-protect/
• Aresu, M., Ariu, D., Ahmadi, M., Maiorca, D., & Giacinto, G. (2015). Clustering Android Malware Families by Http Traffic. 2015 10th International Conference on Malicious and Unwanted Software, MALWARE 2015, 128–135. Fajardo, Puerto Rico. https://doi.org/10.1109/MALWARE.2015.7413693
• Arp, D., Spreitzenbarth, M., Malte, H., Gascon, H., & Rieck, K. (2014). Drebin: Effective and Explainable Detection of Android Malware in Your Pocket. Symposium on Network and Distributed System Security (NDSS), 23–26. San Diego, California, USA.
• Arshad, S., Ahmed, M., Shah, M. A., & Khan, A. (2016). Android Malware Detection & Protection: A Survey. International Journal of Advanced Computer Science and Applications (IJACSA), 7(2), 463–475. https://doi.org/10.14569/IJACSA.2016.070262
• Arshad, S., Shah, M. A., Wahid, A., Mehmood, A., & Song, H. (2018). SAMADroid: A Novel 3-Level Hybrid Malware Detection Model for Android Operating System. IEEE Access, 6, 4321–4339. https://doi.org/10.1109/ACCESS.2018.2792941
• Backes, M., Gerling, S., Hammer, C., Maffei, M., Backes, M., Gerling, S., & Hammer, C. (2012). AppGuard - Real-time policy enforcement for third-party applications. Retrieved March 28, 2020, from Universitäts und Landesbibliothek Bonn website: http://sps.cs.uni-saarland.de/publications/monitor.pdf
• Bae, C., & Shin, S. (2017). A collaborative approach on host and network level android malware detection. Security and Communication Networks, 9(18), 5639–5650. https://doi.org/10.1002/sec.1723
• Bao, L., Lo, D., Xia, X., & Li, S. (2017). Automated Android application permission recommendation. Science China Information Sciences, 60(9), 1–17. https://doi.org/10.1007/s11432-016-9072-3
• Bläsing, T., Batyuk, L., Schmidt, A. D., Camtepe, S. A., & Albayrak, S. (2010). An android application sandbox system for suspicious software detection. 5th IEEE International Conference on Malicious and Unwanted Software (Malware 2010), 55–62. Nancy, France: IEEE. https://doi.org/10.1109/MALWARE.2010.5665792
• Boicea, A., Radulescu, F., & Agapin, L. I. (2012). MongoDB vs Oracle - Database comparison. Proceedings of 3rd International Conference on Emerging Intelligent Data and Web Technologies, EIDWT 2012, 330–335. Bucharest, Romania. https://doi.org/10.1109/EIDWT.2012.32
• Bowden, T., Bauer, B., Nerin, J., Feng, S., & Seibold, S. (2018). The /proc Filesystem. Retrieved March 28, 2020, from https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
• Burguera, I., Zurutuza, U., & Nadjm-Tehrani, S. (2011). Crowdroid: Behavior-Based Malware Detection System for Android. Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices - SPSM ’11, 1–11. Chicago, IL, USA. https://doi.org/10.1145/2046614.2046619
• Burke, D. (2017). Android: celebrating a big milestone together with you. Retrieved March 28, 2020, from Google website: https://www.blog.google/products/android/2bn-milestone/
• Cacek, J. (2018). kwart/jd-cmd: Command line Java Decompiler. Retrieved March 28, 2020, from https://github.com/kwart/jd-cmd
• Canfora, G., Medvet, E., Mercaldo, F., & Visaggio, C. A. (2015). Detecting Android malware using sequences of system calls. Proceedings of the 3rd International Workshop on Software Development Lifecycle for Mobile - DeMobile 2015, 13–20. Bergamo, Italy. https://doi.org/10.1145/2804345.2804349
• Chandramohan, M., & Tan, H. B. K. (2012). Detection of Mobile Malware in the Wild. Computer, 45(9), 65–71. https://doi.org/10.1109/MC.2012.36
• Cunningham, E. (2017). Keeping you safe with Google Play Protect. Retrieved March 28, 2020, from Google website: https://blog.google/products/android/google-play-protect/
• Dash, S. K., Suarez-Tangil, G., Khan, S., Tam, K., Ahmadi, M., Kinder, J., & Cavallaro, L. (2016). DroidScribe: Classifying Android Malware Based on Runtime Behavior. Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016, 252–261. San Jose, CA, USA. https://doi.org/10.1109/SPW.2016.25
• DB-Engines Ranking - popularity ranking of database management systems. (2019). Retrieved March 28, 2020, from DB-Engines website: https://db-engines.com/en/ranking
• Di Cerbo, F., Girardello, A., Michahelles, F., & Voronkova, S. (2011). Detection of malicious applications on android OS. 4th International Workshop on Computational Forensics, IWCF 2010, November 11, 2010 - November 12, 2010, 6540 LNCS, 138–149. https://doi.org/10.1007/978-3-642-19376-7_12
• Dini, G., Martinelli, F., Saracino, A., & Sgandurra, D. (2012). MADAM: A Multi-level Anomaly Detector for Android Malware. In I. Kotenko & V. Skormin (Eds.), Computer Network Security (pp. 240–253). Berlin, Heidelberg: Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-33704-8
• Elish, K. O., Shu, X., Yao, D., Ryder, B. G., & Jiang, X. (2015). Profiling user-trigger dependence for Android malware detection. Computers and Security, 49, 255–273. https://doi.org/10.1016/j.cose.2014.11.001
• Enck, W., Gilbert, P., Chun, B.-G., Cox, L. P., Jung, J., Mcdaniel, P., & Sheth, A. N. (2010). TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation (OSDI ’10), 393–407. Vancouver, BC, Canada.
• Enck, W., Ongtang, M., & McDaniel, P. (2009). On Lightweight Mobile Phone Application Certification. Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS ’09), 235–245. Chicago, Illinois, USA. https://doi.org/10.1145/1653662.1653691
• Fan, W., Sang, Y., Zhang, D., Sun, R., & Liu, Y. (2017). DroidInjector: A process injection-based dynamic tracking system for runtime behaviors of Android applications. Computers and Security, 70, 224–237. https://doi.org/10.1016/j.cose.2017.06.001
• Faruki, P., Ganmoor, V., Laxmi, V., Gaur, M. S., & Bharmal, A. (2013). AndroSimilar: Robust Statistical Feature Signature For Android Malware Detection. Proceedings of the 6th International Conference on Security of Information and Networks - SIN ’13, 1–8. https://doi.org/10.1145/2523514.2523539
• Faruki, P., Zemmari, A., Gaur, M. S., Laxmi, V., & Conti, M. (2016). MimeoDroid: Large Scale Dynamic App Analysis on Cloned Devices via Machine Learning Classifiers. Proceedings - 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN-W 2016, 60–65. https://doi.org/10.1109/DSN-W.2016.33
• Felt, A. P., Chin, E., Hanna, S., Song, D., & Wagner, D. (2011). Android permissions demystified. Proceedings of the 18th ACM Conference on Computer and Communications Security - CCS ’11, 627–638. New York, New York, USA: ACM Press. https://doi.org/10.1145/2046707.2046779
• Fuchs, A. P., Chaudhuri, A., & Foster, J. S. (2009). SCanDroid: Automated Security Certification of Android Applications. https://doi.org/10.1.1.164.6899
• Gadhiya, S., Bhavsar, K., & Student, P. D. (2013). Techniques for Malware Analysis. International Journal of Advanced Research in Computer Science and Software Engineering, 3(4), 972–975.
• Gibler, C., Crussell, J., Erickson, J., & Chen, H. (2012). AndroidLeaks: Automatically detecting potential privacy leaks in Android applications on a large scale. TRUST’12 Proceedings of the 5th International Conference on Trust and Trustworthy Computing, 7344 LNCS, 291–307. Vienna, Austria. https://doi.org/10.1007/978-3-642-30921-2_17
• Grace, M., Zhou, Y., Wang, Z., & Jiang, X. (2012). Systematic Detection of Capability Leaks in Stock Android Smartphones. Proceedings of the 19th Network and Distributed System Security Symposium (NDSS 2012), 1–15. San Diego, California, USA.
• Grace, M., Zhou, Y., Zhang, Q., Zou, S., & Jiang, X. (2012). RiskRanker: Scalable and Accurate Zero-day Android Malware Detection. Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services - MobiSys ’12, 281–294. Low Wood Bay, Lake District, United Kingdom: ACM Press. https://doi.org/10.1145/2307636.2307663
• IDC - Smartphone Market Share. (2019). Retrieved March 28, 2020, from IDC website: https://www.idc.com/promo/smartphone-market-share/os
• Infected Fake Versions of Arcade Games on Google Play Threatened Players with Nasty Trojans. (2015). Retrieved March 28, 2020, from ESET website: https://www.eset.com/int/about/newsroom/press-releases/announcements/infected-arcade-games-trojan-dropper/
• Kabakus, A.T., & Dogru, I. A. (2018). An in-depth analysis of Android malware using hybrid techniques. Digital Investigation, 24, 25–33. https://doi.org/10.1016/j.diin.2018.01.001
• Kabakus, Abdullah Talha, Dogru, I. A., & Cetin, A. (2015). APK Auditor: Permission-based Android malware detection system. Digital Investigation, 13, 1–14. https://doi.org/10.1016/j.diin.2015.01.001
• Kang, H., Jang, J. W., Mohaisen, A., & Kim, H. K. (2015). Detecting and classifying android malware using static analysis along with creator information. International Journal of Distributed Sensor Networks, 2015, 1–9. https://doi.org/10.1155/2015/479174
• Karbab, E. M. B., Debbabi, M., Derhab, A., & Mouheb, D. (2018). MalDozer: Automatic framework for android malware detection using deep learning. Digital Investigation, 24, S48–S59. https://doi.org/10.1016/j.diin.2018.01.007
• Kaur, K., & Rani, R. (2013). Modeling and querying data in NoSQL databases. Proceedings - 2013 IEEE International Conference on Big Data, Big Data 2013, 1–7. Santa Clara, CA, USA: IEEE. https://doi.org/10.1109/BigData.2013.6691765
• Kayikci, S. (2018). A Deep Learning Method for Passing Completely Automated Public Turing Test. 3rd International Conference on Computer Science and Engineering (UBMK 2018), 41–44. Sarajevo, Bosnia-Herzegovina: IEEE. https://doi.org/10.1109/UBMK.2018.8566318
• Kelley, P. G., Consolvo, S., Cranor, L. F., Jung, J., Sadeh, N., & Wetherall, D. (2012). A Conundrum of Permissions: Installing Applications on an Android Smartphone. Proceedings of the 16th International Conference on Financial Cryptography and Data Security (FC ’12), 68–79. Kralendijk, Bonaire: Springer. https://doi.org/10.1007/978-3-642-34638-5
• Kim, T., Kang, B., Rho, M., Sezer, S., & Im, E. G. (2019). A multimodal deep learning method for android malware detection using various features. IEEE Transactions on Information Forensics and Security, 14(3), 773–788. https://doi.org/10.1109/TIFS.2018.2866319
• King, J., Lampinen, A., & Smolen, A. (2011). Privacy: is there an app for that? Proceedings of the Seventh Symposium on Usable Privacy and Security (SOUPS ’11), 1–20. New York, NY, USA: ACM Press. https://doi.org/10.1145/2078827.2078843
• Kumar, A., Kuppusamy, K. S., & Aghila, G. (2018). FAMOUS: Forensic Analysis of MObile Using Scoring of application permission. Future Generation Computer Systems, 83, 158–172. https://doi.org/10.1016/j.future.2018.02.001
• Kumar, M. (2017). Beware! New Android Malware Infected 2 Million Google Play Store Users. Retrieved March 28, 2020, from The Hacker News website: http://thehackernews.com/2017/04/android-malware-playstore.html
• Li, B., Zhang, Y., Li, J., Yang, W., & Gu, D. (2018). APPSPEAR: Automating the hidden-code extraction and reassembling of packed android malware. Journal of Systems and Software, 140, 3–16. https://doi.org/10.1016/j.jss.2018.02.040
• Li, J., Sun, L., Yan, Q., Li, Z., Srisa-An, W., & Ye, H. (2018). Significant Permission Identification for Machine-Learning-Based Android Malware Detection. IEEE Transactions on Industrial Informatics, 14(7), 3216–3225. https://doi.org/10.1109/TII.2017.2789219
• Liang, S., & Du, X. (2014). Permission-combination-based scheme for Android mobile malware detection. 2014 IEEE International Conference on Communications (ICC), 2301–2306. Sydney, Australia: IEEE. https://doi.org/10.1109/ICC.2014.6883666
• Liu, L., Yan, G., Zhang, X., & Chen, S. (2009). Virusmeter: Preventing your cellphone from spies. Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection (RAID ’09), 244–264. https://doi.org/10.1007/978-3-642-04342-0_13
• Mahmood, R., Esfahani, N., Kacem, T., Mirzaei, N., Malek, S., & Stavrou, A. (2012). A whitebox approach for automated security testing of Android applications on the cloud. 7th International Workshop on Automation of Software Test (AST 2012), 22–28. Zurich, Switzerland: IEEE Press. https://doi.org/10.1109/IWAST.2012.6228986
• Massarelli, L., Aniello, L., Ciccotelli, C., Querzoni, L., Ucci, D., & Baldoni, R. (2017). Android Malware Family Classification Based on Resource Consumption over Time. 2017 12th International Conference on Malicious and Unwanted Software (MALWARE), 31–38. Fajardo, PR, USA. Retrieved from http://arxiv.org/abs/1709.00875
• McLaughlin, N., Martinez del Rincon, J., Kang, B., Yerima, S., Miller, P., Sezer, S., … Joon Ahn, G. (2017). Deep Android Malware Detection. Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy - CODASPY ’17, 301–308. Scottsdale, Arizona, USA. https://doi.org/10.1145/3029806.3029823
• Milano, D. T. (2018). AndroidViewClient. Retrieved March 28, 2020, from https://github.com/dtmilano/AndroidViewClient
• Ming Wu, C. (2015). Comparisons Between MongoDB and MS-SQL Databases on the TWC Website. American Journal of Software Engineering and Applications, 4(2), 35–41. https://doi.org/10.11648/j.ajsea.20150402.12
• Morris, D. Z. (2017). Android Malware Judy’ Hits As Many As 36.5 Million Phones. Retrieved March 28, 2020, from Fortune website: http://fortune.com/2017/05/28/android-malware-judy/
• Moser, A., Kruegel, C., & Kirda, E. (2007). Limits of static analysis for malware detection. 23rd Annual Computer Security Applications Conference (ACSAC 2007), 421–430. Miami Beach, FL, USA. https://doi.org/10.1109/ACSAC.2007.21
• Mylonas, A., Kastania, A., & Gritzalis, D. (2013). Delegate the smartphone user? Security awareness in smartphone platforms. Computers and Security, 34, 47–66. https://doi.org/10.1016/j.cose.2012.11.004
• Narudin, F. A., Feizollah, A., Anuar, N. B., & Gani, A. (2016). Evaluation of machine learning classifiers for mobile malware detection. Soft Computing, 20(1), 343–357. https://doi.org/10.1007/s00500-014-1511-6
• Nyati, S. S., Pawar, S., & Ingle, R. (2013). Performance evaluation of unstructured NoSQL data over distributed framework. Proceedings of the 2013 International Conference on Advances in Computing, Communications and Informatics, ICACCI 2013, 1623–1627. https://doi.org/10.1109/ICACCI.2013.6637424
• Parker, Z., Poe, S., & Vrbsky, S. V. (2013). Comparing NoSQL MongoDB to an SQL DB. Proceedings of the 51st ACM Southeast Conference on - ACMSE ’13, 1–6. https://doi.org/10.1145/2498328.2500047
• Peng, H., Gates, C., Sarma, B., Li, N., Qi, Y., Potharaju, R., … Molloy, I. (2012). Using Probabilistic Generative Models for Ranking Risks of Android Apps. Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS ’12), 241–252. Raleigh, North Carolina, USA. https://doi.org/10.1145/2382196.2382224
• Permissions overview | Android Developers. (2019). Retrieved March 28, 2020, from Google website: https://developer.android.com/guide/topics/permissions/overview#normal_permissions
• Popper, B. (2017). Google announces over 2 billion monthly active devices on Android. Retrieved March 28, 2020, from The Verge website: https://www.theverge.com/2017/5/17/15654454/android-reaches-2-billion-monthly-active-users
• Portokalidis, G., Homburg, P., Anagnostakis, K., & Bos, H. (2010). Paranoid Android: Versatile Protection For Smartphones. Annual Computer Security Applications Conference (ACSAC), 347–356. Austin, Texas, USA. https://doi.org/10.1145/1920261.1920313
• pxb1988/dex2jar: Tools to work with android .dex and java .class files. (2018). Retrieved March 28, 2020, from https://github.com/pxb1988/dex2jar
• Rastogi, V., Chen, Y., & Enck, W. (2013). AppsPlayground : Automatic Security Analysis of Smartphone Applications. Proceedings of the Third ACM Conference on Data and Application Security and Privacy (CODASPY ’13), 209–220. San Antonio, Texas, USA. https://doi.org/10.1145/2435349.2435379
• Rhode, M., Burnap, P., & Jones, K. (2018). Early-stage malware prediction using recurrent neural networks. Computers and Security, 77, 578–594. https://doi.org/10.1016/j.cose.2018.05.010
• Sanz, B., Santos, I., Laorden, C., Ugarte-Pedrero, X., Bringas, P. G., & Álvarez, G. (2012). PUMA: Permission usage to detect malware in android. International Joint Conference CISIS’12-ICEUTE´12-SOCO´12 Special Sessions, 289–298. Ostrava, Czech Republic: Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33018-6_30
• Sato, R., Chiba, D., & Goto, S. (2013). Detecting Android Malware by Analyzing Manifest Files. Proceedings of the Asia-Pacific Advanced Network 2013 (APAN ’13), 23–31. Kaist, Daejeon, Korea. https://doi.org/10.7125/APAN.36.4
• Sayfullina, L., Eirola, E., Komashinsky, D., Palumbo, P., Miche, Y., Lendasse, A., & Karhunen, J. (2015). Efficient detection of zero-day android malware using normalized bernoulli naive bayes. Proceedings of The14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2015), 198–205. Helsinki, Finland. https://doi.org/10.1109/Trustcom.2015.375
• Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C., & Weiss, Y. (2012). “Andromaly”: A behavioral malware detection framework for android devices. Journal of Intelligent Information Systems, 38, 161–190. https://doi.org/10.1007/s10844-010-0148-x
• Shabtai, A., Tenenboim-Chekina, L., Mimran, D., Rokach, L., Shapira, B., & Elovici, Y. (2014). Mobile malware detection through analysis of deviations in application network behavior. Computers & Security, 43, 1–18. https://doi.org/10.1016/j.cose.2014.02.009
• Singh, P., Tiwari, P., & Singh, S. (2016). Analysis of Malicious Behavior of Android Apps. Procedia Computer Science, 79, 215–220. https://doi.org/10.1016/j.procs.2016.03.028
• SophosLabs 2018 Malware Forecast. (2018). Retrieved March 28, 2020, from Sophos website: https://www.sophos.com/en-us/en-us/medialibrary/PDFs/technical-papers/malware-forecast-2018.pdf
• Spreitzenbarth, M., Freiling, F. C., Echtler, F., Schreck, T., & Hoffmann, J. (2013). Mobile-sandbox: Having a Deeper Look into Android Applications. Proceedings of the 28th Annual ACM Symposium on Applied Computing (SAC 2013), 1808–1815. Coimbra, Portugal: ACM. https://doi.org/10.1145/2480362.2480701
• Stefanko, L. (2018). Android Trojan steals money from PayPal accounts even with 2FA on. Retrieved March 28, 2020, from ESET website: https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/
• Suarez-Tangil, G., Tapiador, J. E., Peris-Lopez, P., & Blasco, J. (2014). Dendroid: A text mining approach to analyzing and classifying code structures in Android malware families. Expert Systems with Applications, 41(4 PART 1), 1104–1117. https://doi.org/10.1016/j.eswa.2013.07.106
• Suarez-Tangil, G., Tapiador, J. E., Peris-Lopez, P., & Ribagorda, A. (2014). Evolution, detection and analysis of malware for smart devices. IEEE Communications Surveys and Tutorials, 16(2), 961–987. https://doi.org/10.1109/SURV.2013.101613.00077
• Tam, K., Feizollah, A., Anuar, N. B., Salleh, R., & Cavallaro, L. (2017). The Evolution of Android Malware and Android Analysis Techniques. ACM Computing Surveys, 49(4), 1–41. https://doi.org/10.1145/3017427
• Tang, W., Jin, G., He, J., & Jiang, X. (2011). Extending android security enforcement with a security distance model. Proceedings of the 2011 International Conference on Internet Technology and Applications (ITAP 2011), 1–4. https://doi.org/10.1109/ITAP.2011.6006288
• The Mobile Economy 2018. (2018). Retrieved from https://www.gsma.com/mobileeconomy/wp-content/uploads/2018/02/The-Mobile-Economy-Global-2018.pdf
• Tong, F., & Yan, Z. (2017). A hybrid approach of mobile malware detection in Android. Journal of Parallel and Distributed Computing, 103, 22–31. https://doi.org/10.1016/j.jpdc.2016.10.012
• Villas-Boas, A. (2018). Google removed 13 games from the Play Store for containing malware. Retrieved March 28, 2020, from Business Insider website: https://www.businessinsider.com/google-play-store-game-apps-removed-malware-2018-11
• Violino, B. (2018). How to choose the right NoSQL database. Retrieved March 28, 2020, from InfoWorld website: https://www.infoworld.com/article/3260184/nosql/how-to-choose-the-right-nosql-database.html
• Wang, C., Li, Z., Mo, X., Yang, H., & Zhao, Y. (2017). An android malware dynamic detection method based on service call co-occurrence matrices. Annals of Telecommunications, 72(9–10), 1–9. https://doi.org/10.1007/s12243-017-0580-9
• Wang, X., Zhang, D., Su, X., & Li, W. (2017). Mlifdect: Android malware detection based on parallel machine learning and information fusion. Security and Communication Networks, 2017, 1–15. https://doi.org/10.1155/2017/6451260
• Wang, Y., Zheng, J., Sun, C., & Mukkamala, S. (2013). Quantitative security risk assessment of Android permissions and applications. In L. Wang & B. Shafiq (Eds.), 27th Data and Applications Security and Privacy (DBSec) (pp. 226–241). Newark, NJ, USA: Springer. https://doi.org/10.1007/978-3-642-39256-6_15
• Wei, L., Luo, W., Weng, J., Zhong, Y., Zhang, X., & Yan, Z. (2017). Machine Learning-Based Malicious Application Detection of Android. IEEE Access, 5, 25591–25601. https://doi.org/10.1109/ACCESS.2017.2771470
• Wei, X., Gomez, L., Neamtiu, I., & Faloutsos, M. (2012). Malicious Android Applications in the Enterprise: What Do They Do and How Do We Fix It? ICDEW ’12 Proceedings of the 2012 IEEE 28th International Conference on Data Engineering Workshops, 251–254. Arlington, Virginia, USA: IEEE.
• Weka 3 - Data Mining with Open Source Machine Learning Software in Java. (2020). Retrieved March 28, 2020, from https://www.cs.waikato.ac.nz/ml/weka/
• Who writes Linux? Almost 10,000 developers. (2013). Retrieved March 28, 2020, from ZDNet website: https://www.zdnet.com/article/who-writes-linux-almost-10000-developers/
• Wu, D.-J., Mao, C.-H., Wei, T.-E., Lee, H.-M., & Wu, K.-P. (2012). DroidMat: Android Malware Detection through Manifest and API Calls Tracing. 2012 Seventh Asia Joint Conference on Information Security, 62–69. Minato, Tokyo, Japan. https://doi.org/10.1109/AsiaJCIS.2012.18
• Xue, Y., Meng, G., Liu, Y., Tan, T. H., Chen, H., Sun, J., & Zhang, J. (2017). Auditing Anti-Malware Tools by Evolving Android Malware and Dynamic Loading Technique. IEEE Transactions on Information Forensics and Security, 12(7), 1529–1544. https://doi.org/10.1109/TIFS.2017.2661723
• Yang, M., Wang, S., Ling, Z., Liu, Y., & Ni, Z. (2017). Detection of malicious behavior in android apps through API calls and permission uses analysis. Concurrency and Computation: Practice and Experience, 29(19), 1–13. https://doi.org/10.1002/cpe.4172
• Yerima, S. Y., Sezer, S., McWilliams, G., & Muttik, I. (2013). A New Android Malware Detection Approach Using Bayesian Classification. 2013 IEEE 27th International Conference on Advanced Information Networking and Applications (AINA), 121–128. Barcelona, Spain: IEEE. https://doi.org/10.1109/AINA.2013.88
• Yu, J., Huang, Q., & Yian, C. H. (2016). DroidScreening: a practical framework for real-world Android malware analysis. Security and Communication Networks, 9(11), 1435–1449. https://doi.org/10.1002/sec.1430
• Yuan, Z., Lu, Y., & Xue, Y. (2016). DroidDetector: Android Malware Characterization and Detection Using Deep Learning. Tsinghua Science and Technology, 21(1), 114–123. https://doi.org/10.1109/TST.2016.7399288
• Zhang, M., Duan, Y., Yin, H., & Zhao, Z. (2014). Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS ’14), 1105–1116. https://doi.org/10.1145/2660267.2660359
• Zhao, M., Ge, F., Zhang, T., & Yuan, Z. (2011). AntiMalDroid: An Efficient SVM-Based Malware Detection Framework for Android. Communications in Computer and Information Science, 243 CCIS, 158–166. https://doi.org/10.1007/978-3-642-27503-6_22
• Zheng, M., Sun, M., & Lui, J. C. S. (2013). DroidAnalytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware. 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 163–171. Melbourne, Victoria, Australia. https://doi.org/10.1109/TrustCom.2013.25
• Zheng, M., Sun, M., & Lui, J. C. S. (2014). DroidTrace: A ptrace based Android dynamic analysis system with forward execution capability. IWCMC 2014 - 10th International Wireless Communications and Mobile Computing Conference, 128–133. Nicosia, Cyprus. https://doi.org/10.1109/IWCMC.2014.6906344
• Zhou, Y., & Jiang, X. (2012). Dissecting Android Malware: Characterization and Evolution. Proceedings of the 33rd IEEE Symposium on Security and Privacy (Oakland 2012), 95–109. San Francisco, CA, USA: IEEE. https://doi.org/10.1109/SP.2012.16
• Zhu, H. J., You, Z. H., Zhu, Z. X., Shi, W. L., Chen, X., & Cheng, L. (2017). DroidDet: Effective and robust detection of android malware using static analysis along with rotation forest model. Neurocomputing, 272, 638–646. https://doi.org/10.1016/j.neucom.2017.07.030