Table 5 Top 10 API calls logged from malware samples where the hybrid approach was better than the state-based approach (Dataset1)
From: Machine learning-based dynamic analysis of Android apps with improved code coverage
API signatures | State | Hybrid | Difference |
|---|---|---|---|
Ljava/util/Date | 177 | 301 | 124 |
Ljava/util/Date;->< init> | 171 | 289 | 118 |
Ljava/util/List | 171 | 289 | 118 |
Ljava/util/Timer;->schedule | 222 | 339 | 117 |
Ljava/util/GregorianCalendar;->getTime | 107 | 207 | 100 |
Ljava/util/zip/ZipInputStream;->read | 242 | 336 | 94 |
Ljava/io/File;->exists | 602 | 667 | 65 |
Ljava/security/MessageDigest;->digest | 366 | 431 | 65 |
Lorg/apache/http/client/HttpClient;->execute | 133 | 188 | 55 |
Ljava/security/MessageDigest;->update | 288 | 335 | 47 |