Welcome to AndroidMalwareCrypto’s documentation!

This tool analyzes cryptographic API usage in Android applications. It was developed specifically to compare cryptographic API usage in benign vs. malicious applications, and it contains a (weak) malware classifier based purely on cryptographic API features. We strive to provide an end-to-end solution that automates all steps in the analysis:

  1. decompilation of APKs (Mining crypto API),

  2. collection of cryptographic API usage in the decompiled binaries (Mining crypto API, APK Dataset),

  3. exploratory data analysis of crypto API in your dataset (Data preparation, Exploratory data analysis),

  4. training and evaluation of a malware classifier based on crypto API features (Classifier training),

  5. explanations of the classifier using SHAP (Classifier interpretation).

This documentation serves as a protocol that allows full replication of our experiments. Use the links in the list above (or the table of contents) to navigate to a specific step in our research.

Install

Docker

docker pull adamjanovsky/cryptomlw \
&& docker run -it adamjanovsky/cryptomlw

Python

git clone https://github.com/adamjanovsky/AndroidMalwareCrypto \
&& cd AndroidMalwareCrypto \
&& python3 -m venv venv \
&& source venv/bin/activate \
&& python3 ./setup.py install
