Table 9 Top 10 API calls logged from malware samples where the state-based approach was better than the hybrid approach (Dataset2)
From: Machine learning-based dynamic analysis of Android apps with improved code coverage
API signatures | State | Hybrid | Difference |
|---|---|---|---|
Lorg/apache/http/client/HttpClient;->execute | 2732 | 2006 | 726 |
Landroid/net/NetworkInfo;->isConnected | 3068 | 2521 | 547 |
Ljava/util/zip/ZipInputStream;->read | 4221 | 3716 | 505 |
Lorg/apache/http/client/methods/ HttpPost;->< init> | 3958 | 3501 | 457 |
Landroid/telephony/TelephonyManager;->getSubscriberId | 1300 | 927 | 373 |
Landroid/telephony/TelephonyManager;->getSimOperator | 1893 | 1537 | 356 |
Ljavax/crypto/Cipher;->init | 2146 | 1812 | 334 |
Ljavax/crypto/SecretKey; | 1960 | 1629 | 331 |
Ljavax/crypto/Cipher;->getInstance | 2037 | 1709 | 328 |
Ljavax/crypto/spec/SecretKeySpec;->< init> | 1891 | 1566 | 325 |