Android malware properties extraction application

Hello, this is my first blog post, so please tell me how I can improve.

What I have done

Currently I am developing an app that uses frameworks such as MobSF and Androwarn to extract properties from an Android application. Once the properties are extracted, I pass them to a machine-learning classifier that answers one simple question: is the app benign or malware?

Details of implementation

At the moment I can extract about 3193 properties from each Android file.
Property extraction in this project is divided into the following parts:

  1. extraction using the MobSF framework
  2. extraction using Androwarn
  3. extraction based on analysis of the decompiled Java files

The first two steps are simple: I use large existing frameworks and take the parameters they produce. The third step is more complicated because I developed it myself. It is divided into the following parts:

  1. decompile the Android class files into source code using Jadx
  2. using a Java parser, determine how many times the following occur:
    • specific syntax constructions in the code (for example, how many conditionals “if” and how many loops “for”, “while”)
    • specific method invocations. I realise that the Android API contains many methods, but what if I extract only a few of them? Following the research behind DroidApiMiner, I determine whether the Java code contains calls to those methods.
    • specific constructor calls.
    • specific imports in the files.
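To make the third step concrete, here is an added example of the whole procedure above (strip comments and string literals, then count keywords, watched API calls, watched constructors and watched imports over decompiled Java, and flatten the result into a fixed-order vector). It is example code written for this post, not code from YetAnotherAndroidAnalyzer; the project uses a real Java parser, while this example uses regular expressions so it runs without any dependency. The watched method, constructor and import lists are illustrative assumptions, not the DroidApiMiner list, and the Java input is a constructed sample of what Jadx output might look like.

```python
import re
from pathlib import Path

# Constructed input: a hypothetical Jadx-decompiled class. The comment and
# the TAG string deliberately contain keywords, so the counter can be
# checked against them.
SAMPLE_JAVA = """\
package com.example.app;

import android.telephony.TelephonyManager;
import android.telephony.SmsManager;
import java.net.HttpURLConnection;

public class Collector {
    // if for while: keywords in a comment must not be counted
    private static final String TAG = "if (x) while for";

    public void run(TelephonyManager tm) {
        String imei = tm.getDeviceId();
        for (int i = 0; i < 3; i++) {
            if (imei != null) {
                SmsManager sms = SmsManager.getDefault();
                sms.sendTextMessage("1234", null, imei, null, null);
            }
        }
        while (imei == null) { break; }
        Runtime.getRuntime().exec("su");
        Thread t = new Thread();
        StringBuilder sb = new StringBuilder();
    }
}
"""

# Assumed watch lists (illustrative only, not the DroidApiMiner feature set).
SYNTAX_KEYWORDS = ["if", "for", "while", "switch", "try", "catch"]
WATCHED_METHODS = ["getDeviceId", "getSubscriberId", "sendTextMessage", "exec", "loadClass"]
WATCHED_CONSTRUCTORS = ["Thread", "DexClassLoader", "File", "ProcessBuilder"]
WATCHED_IMPORTS = ["android.telephony.SmsManager", "dalvik.system.DexClassLoader",
                   "java.net.HttpURLConnection"]

_COMMENT_OR_LITERAL = re.compile(
    r'//[^\n]*'                     # line comment
    r'|/\*.*?\*/'                   # block comment
    r'|"(?:\\.|[^"\\\n])*"'         # string literal (with escapes)
    r"|'(?:\\.|[^'\\\n])*'",        # char literal
    re.S)
_IMPORT = re.compile(r'^\s*import\s+(?:static\s+)?([\w.]+(?:\.\*)?)\s*;', re.M)


def strip_comments_and_literals(src):
    """Blank out comments and string/char literals so that keywords and
    method names inside them are not counted as code."""
    return _COMMENT_OR_LITERAL.sub(" ", src)


def extract_features(src):
    """Turn one decompiled Java source file into a flat feature dict."""
    code = strip_comments_and_literals(src)
    feats = {}
    for kw in SYNTAX_KEYWORDS:
        # \b keeps 'if' from matching identifiers such as 'diff' or 'ifNone'
        feats["kw_" + kw] = len(re.findall(r"\b%s\b" % kw, code))
    for name in WATCHED_METHODS:
        # qualified invocation 'receiver.name(' ; this deliberately skips
        # the declaration 'void name(' of a method with the same name
        feats["call_" + name] = len(re.findall(r"\.\s*%s\s*\(" % name, code))
    for name in WATCHED_CONSTRUCTORS:
        # new Name(...), new pkg.Name(...), new Name<T>(...)
        pat = r"\bnew\s+(?:[\w$]+\.)*%s\s*(?:<[^>]*>)?\s*\(" % name
        feats["new_" + name] = len(re.findall(pat, code))
    imports = set(_IMPORT.findall(code))  # commented-out imports are ignored
    for name in WATCHED_IMPORTS:
        feats["import_" + name] = int(name in imports)
    return feats


def extract_from_tree(root):
    """Sum per-file features over a whole Jadx output directory (assumed
    layout: any *.java below root). Import features become the number of
    files that import the class."""
    total = {}
    for path in Path(root).rglob("*.java"):
        for k, v in extract_features(path.read_text(errors="replace")).items():
            total[k] = total.get(k, 0) + v
    return total


# Fixed feature order, so every APK yields a vector of the same length.
FEATURE_NAMES = sorted(extract_features("").keys())


def to_vector(feats, feature_names=FEATURE_NAMES):
    """Fixed-order numeric vector for the classifier; missing names are 0."""
    return [feats.get(name, 0) for name in feature_names]


if __name__ == "__main__":
    f = extract_features(SAMPLE_JAVA)
    for k, v in sorted(f.items()):
        print(k, v)
    print(to_vector(f))
```

Two details matter more than they look: counting only after comments and literals are removed (otherwise a string such as "if (x) while for" inflates the keyword counts), and matching only qualified invocations (`receiver.name(`), so a method declaration with the same name is not mistaken for an API call. Obfuscated apps that build API calls through reflection are not caught by this kind of source-level matching, which is one reason to keep the MobSF and Androwarn features alongside it.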

After all this I end up with a huge number of properties. Many of them are zero for most apps and many are not, so I am now working on reducing the number of properties using machine-learning techniques.
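Before any learned feature selection, the cheap pruning below removes the properties that can never help a classifier: columns that are constant across all samples (the all-zero ones included), columns that are non-zero in fewer than a chosen number of samples, and exact duplicates of a column already kept. This is an added example written for this post, not the reduction method the project uses or the author's own code; the feature matrix is a constructed toy and the feature names are made up.

```python
def prune_features(matrix, names, min_support=2):
    """Drop features that cannot help a classifier.

    matrix: list of rows (one per app), each a list of numeric features.
    names:  feature name per column, same order as the rows.
    Removes constant columns, columns non-zero in fewer than `min_support`
    rows, and columns identical to an earlier kept column.
    Returns (kept_names, pruned_matrix).
    """
    kept, seen = [], set()
    for j, _ in enumerate(names):
        col = tuple(row[j] for row in matrix)
        if len(set(col)) < 2:
            continue  # constant (e.g. always zero): carries no information
        if sum(1 for v in col if v) < min_support:
            continue  # too rare to generalise; would only memorise one app
        if col in seen:
            continue  # exact duplicate of a feature already kept
        seen.add(col)
        kept.append(j)
    return [names[j] for j in kept], [[row[j] for j in kept] for row in matrix]


# Constructed toy matrix: 4 apps x 6 features (hypothetical values).
NAMES = ["kw_if", "call_exec", "new_File", "kw_switch", "call_exec_dup", "rare"]
MATRIX = [
    [3, 1, 0, 0, 1, 0],
    [5, 0, 2, 0, 0, 0],
    [2, 1, 2, 0, 1, 1],
    [0, 0, 1, 0, 0, 0],
]

if __name__ == "__main__":
    kept_names, pruned = prune_features(MATRIX, NAMES)
    print(kept_names)
    for row in pruned:
        print(row)
```

On the toy matrix this keeps `kw_if`, `call_exec` and `new_File`: `kw_switch` is all zero, `call_exec_dup` duplicates `call_exec`, and `rare` is set in a single app. Run the pruning on the training set only and apply the resulting column list unchanged to test data, otherwise the selection leaks information from the samples you evaluate on.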

Project

If you want to contribute, you are welcome on GitHub: YetAnotherAndroidAnalyzer.
If you liked this post, I can go into more depth in a follow-up.

Original article: Android malware properties extraction application
