Android Flows, API Calls and Intent Action for Drebin Dataset
These data contain 3 files related to the code published in: https://github.com/hdg7/IagoDroid The main file, debrin_reduced.arff contains the flows analysis for 1919 apps extrated from Drebin dataset: D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, K. Rieck, Drebin: Effective and explainable detection of android malware in your pocket., in: NDSS, 2014. https://www.sec.cs.tu-bs.de/~danarp/drebin/ The features are divided in three sets: Flows (from attribute 1 to 932), API Calls (from attribute 933 to 1013) and Intent-Actions (from attribute 1014-1121). The last attribute is the class. There are 29 classes corresponding to different Android malware families: Adrd, BaseBridge, Dougalek, DroidDream, DroidKungFu, ExploitLinuxLotoor, FakeInstaller, Fakengry, FakeRun, Fatakr, Gappusin, Geinimi, GinMaster, Glodream, Hamob, Iconosys, Imlog, Jifake, Kmin, Mobilespy, MobileTx, Nandrobox, Nyleaker, Opfake, Plankton, SMSreg, Steek, Xsider and Yzhc The flows have been extracted using FlowDroid: https://blogs.uni-paderborn.de/sse/tools/flowdroid/ And the intent-actions and API calls have been extracted using Androguard: https://github.com/androguard/androguard The second file, individualsReveal.txt and the third file are related to the paper experiments: Calleja, A., Martín, A., Menéndez, H. D., Tapiador, J., & Clark, D. (2018). Picking on the family: Disrupting android malware triage by forcing misclassification. Expert Systems with Applications, 95, 113-126. These files correspond to the model and experimental data of the paper.