Table 1 Top 10 API calls logged from malware samples where the hybrid approach was better than the random-based approach (Dataset1)
From: Machine learning-based dynamic analysis of Android apps with improved code coverage
API signatures | Random | Hybrid | Difference |
|---|---|---|---|
Ljava/io/File;->exists | 477 | 667 | 190 |
Ljava/security/MessageDigest;->getInstance | 338 | 473 | 135 |
Landroid/content/pm/ApplicationInfo;->getApplicationInfo | 435 | 563 | 128 |
Ljava/security/MessageDigest;->digest | 310 | 431 | 121 |
Ljava/util/zip/ZipInputStream;->read | 219 | 336 | 117 |
Landroid/telephony/ TelephonyManager;->getDeviceId | 315 | 429 | 114 |
Ljava/util/TimerTask;->< init> | 808 | 921 | 113 |
Landroid/content/pm/PackageManager | 651 | 756 | 105 |
Lorg/apache/http/client/HttpClient;->execute | 89 | 188 | 99 |
Ljava/io/File;->mkdir | 274 | 366 | 92 |