Android Flows, API Calls and Intent Action for Drebin Dataset

Published: 15-03-2018 | Version 2 | DOI: 10.17632/4sksrpm5vj.2
Alejandro Calleja,
David Clark,
Alejandro Martín,
Héctor D. Menéndez,
Juan Tapiador


These data contain 3 files related to the code published in:

The main file, debrin_reduced.arff, contains the flow analysis for 1919 apps extracted from the Drebin dataset: D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, K. Rieck, Drebin: Effective and explainable detection of android malware in your pocket., in: NDSS, 2014.

The features are divided into three sets: Flows (attributes 1 to 932), API Calls (attributes 933 to 1013) and Intent-Actions (attributes 1014 to 1121). The last attribute is the class.

There are 29 classes corresponding to different Android malware families: Adrd, BaseBridge, Dougalek, DroidDream, DroidKungFu, ExploitLinuxLotoor, FakeInstaller, Fakengry, FakeRun, Fatakr, Gappusin, Geinimi, GinMaster, Glodream, Hamob, Iconosys, Imlog, Jifake, Kmin, Mobilespy, MobileTx, Nandrobox, Nyleaker, Opfake, Plankton, SMSreg, Steek, Xsider and Yzhc.

The flows have been extracted using FlowDroid:

The intent-actions and API calls have been extracted using Androguard:

The second file, individualsReveal.txt and the third file are related to the paper experiments: Calleja, A., Martín, A., Menéndez, H. D., Tapiador, J., & Clark, D. (2018). Picking on the family: Disrupting android malware triage by forcing misclassification. Expert Systems with Applications, 95, 113-126. These files correspond to the model and experimental data of the paper.
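The attribute layout described above, as an added example (not code from the dataset authors): a small Python reader that splits each ARFF row into the three feature sets and the family label. Only the index ranges come from the description; the file details (unquoted attribute names, dense or sparse rows) and the constructed sample returned by build_sample() are assumptions.

```python
import io

# Attribute ranges from the dataset description (1-based, inclusive).
GROUPS = {"flows": (1, 932), "api_calls": (933, 1013), "intent_actions": (1014, 1121)}
N_ATTRS = 1122  # 1121 features plus the class attribute, which comes last

def read_arff(stream):
    """Minimal ARFF reader (dense and sparse rows); assumes unquoted names."""
    names, defaults, rows, in_data = [], [], [], False
    for raw in stream:
        line = raw.strip()
        if not line or line.startswith("%"):  # blank line or comment
            continue
        if not in_data:
            if line.lower().startswith("@attribute"):
                _, name, kind = line.split(None, 2)
                names.append(name)
                # A value omitted from a sparse row is 0, or the first
                # declared value when the attribute is nominal.
                first = kind.strip("{}").split(",")[0].strip()
                defaults.append(first if kind.startswith("{") else "0")
            elif line.lower().startswith("@data"):
                in_data = True
        elif line.startswith("{"):  # sparse row: {index value, ...}, 0-based
            row = list(defaults)
            for pair in filter(None, map(str.strip, line.strip("{}").split(","))):
                idx, val = pair.split(None, 1)
                row[int(idx)] = val
            rows.append(row)
        else:  # dense row: one comma-separated value per attribute
            rows.append([v.strip() for v in line.split(",")])
    return names, rows

def split_row(row):
    """Split one row into the three feature sets and the family label."""
    if len(row) != N_ATTRS:
        raise ValueError(f"expected {N_ATTRS} values, got {len(row)}")
    out = {g: row[lo - 1:hi] for g, (lo, hi) in GROUPS.items()}
    out["family"] = row[-1]
    return out

def build_sample():
    """Constructed two-row file with the described layout (not real data)."""
    head = ["@relation sample"]
    head += [f"@attribute f{i} numeric" for i in range(1, N_ATTRS)]
    head += ["@attribute class {Adrd,Plankton}", "@data"]
    dense = ",".join(["1"] + ["0"] * 1120 + ["Adrd"])
    sparse = "{932 1, 1013 1, 1121 Plankton}"  # 0-based indices
    return io.StringIO("\n".join(head + [dense, sparse]))
```

To use it on the real file, pass an open handle for debrin_reduced.arff to read_arff() in place of build_sample().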