Mininng Dominance Tree of API Calls for Detecting Android Malware

According to the recent Symantec threat reports, Android continues to be the most targeted mobile platform, the number of new mobile malware attacks grew by 105% from 2015 to 2016, and the number of new discovered mobile malware variants grew by 54% from 2016 to 2017. A recent McAfee threat report confers that the number of malware families found in the Google play increased by 30% in 2017. There is a need to develop new techniques and methods to stop this inundation of mobile malware attacks. In this paper we propose a new technique named Droid-DomTree that mines dominance tree of API calls in an Android APK for detecting malware. We develop, a sequential model of the dominance tree of API calls and a weighing scheme for assigning weights to each node in the dominance tree for efficient feature selection. A detection rate of 94.3% was obtained with 4 classifiers. © 2018 IEEE.