devu-62442 / GRAMAC-A-Graph-Based-Malware-Classification-Mechanism


GRAMAC: A Graph Based Malware Classification Mechanism


Android Family

What is Android? Please read about Android first. Jumping back to the topic, an Android malware family contains the applications that have similar features. The feature that comes to notice is closeness: certain traits are preserved across the family, including the number of API calls, system calls, permission set, etc.



Why Graphs ?

Graphs are mathematical structures that represent pairwise relationships between objects. A graph is a flow structure that represents the relationship between various objects. It can be visualized by using the following two basic components:

Nodes: These are the most important components in any graph. Nodes are entities whose relationships are expressed using edges.

Edges: Edges are the components that are used to represent the relationships between various nodes in a graph. An edge between two nodes expresses a one-way or two-way relationship between the nodes.

The graphs built from an Android application are called callgraphs.

A call graph (also known as a call multigraph) is a control flow graph that represents the calling relationships between APIs in an Android application.

Each node represents an API and each edge (a, b) indicates that API a calls API b. Call graphs can be dynamic or static. A dynamic call graph is a record of an execution of the Android Application. Thus, a dynamic call graph can be exact, but only describes one run of the application. A static call graph is a call graph intended to represent every possible execution of the Android Application.

Call graphs can be defined to represent varying degrees of precision. A more precise call graph more closely approximates the behavior of the real Android application, at the cost of taking longer to compute and more memory to store. The most precise call graph is fully context-sensitive, which means that the graph contains a separate node for each call stack the application can have.

Working

Written in Python.


The main package used is networkx. This Python package provides the data structures and algorithms for working with graphs.


It's used to classify an Android Application into its Malware Family.

Every family has a characteristic called the `SENSITIVE API` set. This set of `Sensitive APIs` is unique to a malware family. Using these, a `Caller-Callee` relationship is detected and represented as a callgraph (.gml). You can learn more about it in the other repository [**Android Application Signature Creator Based on Graphs**](https://github.com/devu-62442/Android_Application_Signature_Creator).

The tool follows these steps:

Step #1. Clone or download the code together with the given DATASET folder, as described on GitHub.

Step #2. Use the command below in the command prompt to run the program MalwareFamily_Classifier.py

```
python3 MalwareFamily_Classifier.py -p [Path of your GML (Callgraph) Application] -g [Name of the GML (Callgraph)] -d [Path where dataset is stored]
```

Step #3. Output

The code will give you the name of the family the application belongs to, or report that it is UNKNOWN/GOODWARE.
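As an added example (not the repository's own code), here is a minimal version of the classification the steps above describe: parse the caller-callee edges out of a GML callgraph and match them against per-family sensitive API edge sets, falling back to UNKNOWN/GOODWARE when no family is covered well enough. The GML text and the family signatures are constructed placeholders, not entries from the DATASET folder, and plain Python is used instead of networkx so it runs without dependencies.

```python
import re
from typing import Dict, Set, Tuple

Edge = Tuple[str, str]  # (caller API, callee API)

# Constructed sample callgraph in the GML layout networkx writes; not a real DATASET file.
SAMPLE_GML = """graph [
  directed 1
  node [ id 0 label "com.example.Main.onCreate" ]
  node [ id 1 label "android.telephony.TelephonyManager.getDeviceId" ]
  node [ id 2 label "android.telephony.SmsManager.sendTextMessage" ]
  edge [ source 0 target 1 ]
  edge [ source 1 target 2 ]
]"""

NODE_RE = re.compile(r'node\s*\[\s*id\s+(\d+)\s+label\s+"([^"]*)"\s*\]')
EDGE_RE = re.compile(r'edge\s*\[\s*source\s+(\d+)\s+target\s+(\d+)\s*\]')

def parse_gml_edges(text: str) -> Set[Edge]:
    """Return caller->callee edges of a GML callgraph whose node labels are API names."""
    labels = {int(i): lbl for i, lbl in NODE_RE.findall(text)}
    return {(labels[int(s)], labels[int(t)]) for s, t in EDGE_RE.findall(text)}

# Constructed family signatures: the sensitive caller->callee edges that characterise a family.
# The API names are real Android APIs; the family names and edges are illustrative only.
FAMILY_SIGNATURES: Dict[str, Set[Edge]] = {
    "ExampleFamily_SMS": {
        ("com.example.Main.onCreate", "android.telephony.TelephonyManager.getDeviceId"),
        ("android.telephony.TelephonyManager.getDeviceId", "android.telephony.SmsManager.sendTextMessage"),
    },
    "ExampleFamily_Exfil": {
        ("android.location.LocationManager.getLastKnownLocation", "java.net.HttpURLConnection.connect"),
        ("android.telephony.TelephonyManager.getDeviceId", "java.net.HttpURLConnection.connect"),
    },
}

def classify(edges: Set[Edge], signatures: Dict[str, Set[Edge]] = FAMILY_SIGNATURES,
             threshold: float = 0.5) -> str:
    """Name the family whose sensitive edge set is best covered by the sample, else UNKNOWN/GOODWARE."""
    best_family, best_score = "UNKNOWN/GOODWARE", 0.0
    for family, sig in signatures.items():
        score = len(edges & sig) / len(sig)  # fraction of this family's sensitive edges present
        if score > best_score:
            best_family, best_score = family, score
    return best_family if best_score >= threshold else "UNKNOWN/GOODWARE"

if __name__ == "__main__":
    print(classify(parse_gml_edges(SAMPLE_GML)))  # ExampleFamily_SMS
```

The threshold is what separates a family match from UNKNOWN/GOODWARE; a callgraph that touches only some of a family's sensitive edges is reported as that family only when the covered fraction reaches it.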
