Security and Communication Networks

Research Article

FGL_Droid: An Efficient Android Malware Detection Method Based on Hybrid Analysis

Algorithm 1

Graph construction algorithm. Our algorithm includes four steps, which are (1) replace the API with corresponding function class, (2) delete adjacent duplicate function classes, (3) convert the execution sequence of function classes to function call graph, and (4) use max-min algorithm method for normalization.
(1)Input: Dynamic API Call Sequence(S) and SUSI’s API Category(D)
(2)Output: Function Call Graph F_Graph
(3)Initially: let  = (F1, F2, F3, …, F26) be all the function category in D and
(i)//Step 1: replace the API with corresponding function class
(4)for API S do
(5)   Change API to its class in D
(6)   let F(f1, f2, f3, … fn) be the Function call Sequence
(7)end for
(ii)//Step 2: delete adjacent duplicate function classes
(8)while i < length(F) do
(9)   if F[i] = F[i − 1] then
(10)       delete F[i]
(11)  end if
(12)end while
(iii)//Step 3: convert the execution sequence of function classes to function call graph
(13)while i < length(F) do
(14)   then
(15)       Add an edge to E
(16)      
(17)  else
(18)      
(19)  end if
(20)end while
(iv)//Step 4: normalization
(21)maxWeight ← max, minWeight ← min
(22)for:
(23)   
(24)end for
(25)Return F_Graph