Android Flows, API Calls and Intent Action for Drebin Dataset
datasetposted on 19.07.2019 by Alejandro Calleja, David Clark, Alejandro Martín, Héctor D. Menéndez, Juan Tapiador
Datasets usually provide raw data for analysis. This raw data often comes in spreadsheet form, but can be any collection of data, on which analysis can be performed.
These data contain 3 files related to the code published in: https://github.com/hdg7/IagoDroid The main file, debrin_reduced.arff contains the flows analysis for 1919 apps extrated from Drebin dataset: D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, K. Rieck, Drebin: Effective and explainable detection of android malware in your pocket., in: NDSS, 2014. https://www.sec.cs.tu-bs.de/~danarp/drebin/ The features are divided in three sets: Flows (from attribute 1 to 932), API Calls (from attribute 933 to 1013) and Intent-Actions (from attribute 1014-1121). The last attribute is the class. There are 29 classes corresponding to different Android malware families: Adrd, BaseBridge, Dougalek, DroidDream, DroidKungFu, ExploitLinuxLotoor, FakeInstaller, Fakengry, FakeRun, Fatakr, Gappusin, Geinimi, GinMaster, Glodream, Hamob, Iconosys, Imlog, Jifake, Kmin, Mobilespy, MobileTx, Nandrobox, Nyleaker, Opfake, Plankton, SMSreg, Steek, Xsider and Yzhc The flows have been extracted using FlowDroid: https://blogs.uni-paderborn.de/sse/tools/flowdroid/ And the intent-actions and API calls have been extracted using Androguard: https://github.com/androguard/androguard The second file, individualsReveal.txt and the third file are related to the paper experiments: ... These files correspond to the model and experimental data of the paper.