{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,29]],"date-time":"2025-05-29T04:45:54Z","timestamp":1748493954090,"version":"3.40.5"},"reference-count":31,"publisher":"IGI Global","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,10,1]]},"abstract":"<p>Widespread use of Android-based applications on the smartphones has resulted in significant growth of security attack incidents. Malware-based attacks are the most common attacks on Android-based smartphones. To forestall malware from attacking the users, a much better understanding of Android malware and its behaviour is required. In this article, an approach to classify and characterise the malicious behaviour of Android applications using static features, data flow analysis, and machine learning techniques has been proposed. Static features like hardware components, permissions, Android components and inter-component communication along with unique source-sink pairs obtained from data flow analysis have been used to extract the features of the Android applications. Based on the features extracted, the malicious behaviour of the applications has been classified to their respective malware family. The proposed approach has given 95.19% accuracy rate and F1 measure of 92.19302 with the largest number of malware families classified as compared to previous work.<\/p>","DOI":"10.4018\/ijisp.2020100104","type":"journal-article","created":{"date-parts":[[2020,9,8]],"date-time":"2020-09-08T11:14:17Z","timestamp":1599563657000},"page":"57-73","source":"Crossref","is-referenced-by-count":3,"title":["DecaDroid Classification and Characterization of Malicious Behaviour in Android Applications"],"prefix":"10.4018","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9169-5108","authenticated-orcid":true,"given":"Charu","family":"Gupta","sequence":"first","affiliation":[{"name":"Indira Gandhi Delhi Technical Universiy for Women, Delhi, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8729-2293","authenticated-orcid":true,"given":"Rakesh Kumar","family":"Singh","sequence":"additional","affiliation":[{"name":"Indira Gandhi Delhi Technical University for Women, Delhi, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Simran Kaur","family":"Bhatia","sequence":"additional","affiliation":[{"name":"Indira Gandhi Delhi Technical University for Women, Delhi, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Amar Kumar","family":"Mohapatra","sequence":"additional","affiliation":[{"name":"Indira Gandhi Delhi Technical University for Women, Delhi, India"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"2432","reference":[{"key":"IJISP.2020100104-0","doi-asserted-by":"crossref","unstructured":"Aafer, Y., Du, W., & Yin, H. (2013, September). DroidApiMiner: Mining API-level features for robust malware detection in Android. In Proceedings of the International conference on security and privacy in communication systems (pp. 86-103). Springer, Cham.","DOI":"10.1007\/978-3-319-04283-1_6"},{"year":"2014","author":"D.Arp","key":"IJISP.2020100104-1"},{"key":"IJISP.2020100104-2","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., & Siemens, C. E. R. T. (2014, February). DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket. In NDSS (Vol. 14, pp. 23-26).","DOI":"10.14722\/ndss.2014.23247"},{"key":"IJISP.2020100104-3","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"IJISP.2020100104-4","doi-asserted-by":"publisher","DOI":"10.4018\/IJISP.2017100104"},{"key":"IJISP.2020100104-5","doi-asserted-by":"crossref","unstructured":"Bhandari, S., Panihar, R., Naval, S., Laxmi, V., Zemmari, A., & Gaur, M. S. (2018). SWORD: Semantic aware Android malware detector. Journal of information security and applications, 42, 46-56.","DOI":"10.1016\/j.jisa.2018.07.003"},{"key":"IJISP.2020100104-6","unstructured":"Desnos, A. (n.d.). Androguard. Retrieved from https:\/\/github.com\/androguard"},{"key":"IJISP.2020100104-7","unstructured":"Desnos, A., & Gueguen, G. (2011). Android: From reversing to decompilation. In Proc. of Black Hat Abu Dhabi (pp. 77-101). Academic Press."},{"key":"IJISP.2020100104-8","unstructured":"Documentation, A. (2012). Retrieved January, 2018, from https:\/\/androguard.readthedocs.io\/en\/latest\/intro\/index.html"},{"key":"IJISP.2020100104-9","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"IJISP.2020100104-10","doi-asserted-by":"publisher","DOI":"10.1214\/aos\/1013203451"},{"key":"IJISP.2020100104-11","doi-asserted-by":"crossref","unstructured":"Gordon, M. I., Kim, D., Perkins, J. H., Gilham, L., Nguyen, N., & Rinard, M. C. (2015, February). Information Flow Analysis of Android Applications in DroidSafe. In NDSS (Vol. 15, p. 110). Academic Press.","DOI":"10.14722\/ndss.2015.23089"},{"key":"IJISP.2020100104-12","unstructured":"Jiang, X. (2011, July 7). GoldDream. Retrieved February 4, 2018, from https:\/\/www.csc2.ncsu.edu\/faculty\/xjiang4\/GoldDream\/"},{"key":"IJISP.2020100104-13","unstructured":"Khandelwal, A., & Mohapatra, A. K. (2015, March). An insight into the security issues and their solutions for Android phones. In Proceedings of the 2015 2nd International Conference on Computing for Sustainable Global Development (INDIACom) (pp. 106-109). IEEE."},{"key":"IJISP.2020100104-14","first-page":"23","article-title":"Detection, classification and characterisation of Android malware using API data dependency.","author":"Y.Li","year":"2015","journal-title":"International Conference on Security and Privacy in Communication Systems"},{"key":"IJISP.2020100104-15","doi-asserted-by":"publisher","DOI":"10.4018\/IJACI.2018010106"},{"key":"IJISP.2020100104-16","doi-asserted-by":"publisher","DOI":"10.1201\/9781420067194"},{"key":"IJISP.2020100104-17","doi-asserted-by":"crossref","first-page":"347","DOI":"10.1145\/1920261.1920313","article-title":"Paranoid Android: versatile protection for smartphones.","author":"G.Portokalidis","year":"2010","journal-title":"Proceedings of the 26th Annual Computer Security Applications Conference"},{"key":"IJISP.2020100104-18","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2016.2536605"},{"key":"IJISP.2020100104-19","unstructured":"Smith. (2018, August 22). Android 'Triout' spyware records calls, sends photos and text messages to attackers. CSO Online. Retrieved from https:\/\/www.csoonline.com\/article\/3299700\/security\/Android-triout-spyware-records-calls-sends-photos-and-text-messages-to-attackers.html"},{"key":"IJISP.2020100104-20","unstructured":"Soot Info Flow. (2018, January 17). Secure-software-engineering\/soot-infoflow-Android. Retrieved from https:\/\/github.com\/secure-software-engineering\/soot-infoflow-Android"},{"key":"IJISP.2020100104-21","doi-asserted-by":"crossref","unstructured":"Soto-Valero, C., & Gonz\u00e1lez, M. (2018). An empirical study of malware diversity in major Android markets. Journal of Cyber Security Technology, 1-24.","DOI":"10.1080\/23742917.2018.1483876"},{"key":"IJISP.2020100104-22","unstructured":"Trojan.Gen.10. (n.d.). Symantec. (Security Centre). Retrieved from https:\/\/www.symantec.com\/security-center\/writeup\/2018-091314-3234-99"},{"key":"IJISP.2020100104-23","doi-asserted-by":"publisher","DOI":"10.4018\/IJISP.2017070103"},{"key":"IJISP.2020100104-24"},{"key":"IJISP.2020100104-25","doi-asserted-by":"publisher","DOI":"10.1016\/j.pmcj.2016.06.018"},{"key":"IJISP.2020100104-26","unstructured":"Wentworth, T. (2018, September 20). Visual Workflow for Predictive Analytics | RapidMiner\u00a9 Studio. Retrieved from https:\/\/rapidminer.com\/products\/studio\/"},{"key":"IJISP.2020100104-27","unstructured":"Yan, L. K., & Yin, H. (2012, August). DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis. In USENIX security symposium (pp. 569-584). Academic Press."},{"key":"IJISP.2020100104-28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11203-9_10"},{"key":"IJISP.2020100104-29","doi-asserted-by":"publisher","DOI":"10.1049\/iet-ifs.2014.0099"},{"key":"IJISP.2020100104-30","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660359"}],"container-title":["International Journal of Information Security and Privacy"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=262086","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T15:58:29Z","timestamp":1651852709000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJISP.2020100104"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2020,10,1]]},"references-count":31,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2020,10]]}},"URL":"https:\/\/doi.org\/10.4018\/ijisp.2020100104","relation":{},"ISSN":["1930-1650","1930-1669"],"issn-type":[{"type":"print","value":"1930-1650"},{"type":"electronic","value":"1930-1669"}],"subject":[],"published":{"date-parts":[[2020,10,1]]}}}