CallDetect: Detection of Call Log Exploitation Inspired by Apoptosis

Madihah Mohd Saudi (1), Amirul Adli Che Ismail (2), Azuan Ahmad (3), Muhammad ‘Afif Husainiamer (4)
(1) Cybersecurity and System Research Unit, Islamic Science Institute, Universiti Sains Islam Malaysia (USIM), Nilai, 71800, Malaysia
(2) Faculty of Science & Technology (FST), Universiti Sains Islam Malaysia (USIM), Nilai, 71800, Malaysia
(3) Cybersecurity and System Research Unit, Islamic Science Institute, Universiti Sains Islam Malaysia (USIM), Nilai, 71800, Malaysia
(4) Faculty of Science & Technology (FST), Universiti Sains Islam Malaysia (USIM), Nilai, 71800, Malaysia
Fulltext View | Download
How to cite (IJASEIT) :
Mohd Saudi, Madihah, et al. “CallDetect: Detection of Call Log Exploitation Inspired by Apoptosis”. International Journal on Advanced Science, Engineering and Information Technology, vol. 10, no. 5, Sept. 2020, pp. 1792-7, doi:10.18517/ijaseit.10.5.7191.
Currently, we saw the increment trend of mobile application(app) exploitation that leads to loss of confidential information and money. Many malware camouflages itself as a genuine mobile app or exploits vulnerabilities inside mobile apps. Hence, this paper presents a mobile app called CallDetect that detects Android Application Interface (API) exploitation for call logs inspired by apoptosis. Apoptosis is known as cell-programmed death, and it is part of the human immunology system. Once it suspects any danger that might cause any harm to the human body, it will kill the suspected danger and itself. In the case of CallDetect, it will scan and uninstall the potentially malicious mobile application on a mobile phone. CallDetect consists of 13 new classifications of API call log, which are used as the database for CallDetect. These classifications were built by using static analysis and open source tools in a controlled lab environment. There were 5560 training datasets from Drebin and 550 anonymous testing dataset from Google Playstore. Our finding showed that 39 mobile apps, or 7%, were identified with possible call log exploitation. This paper can be used as a reference for call log API exploitation and can be further enhanced by integrating it with permission and system call exploitation.

A. Verma, S. Arora, and P. Verma, “Android OS, its security and features,” Int. J. Recent Res. Asp., vol. 4, no. 3, pp. 241-251, 2017.

M. Kumar, “Mouabad Android Malware is calling to Premium numbers; Generating revenue for its Master,” 2013. [Online]. Available: [Accessed: 15-Jun-2020].

Matthew Broersma, “Google Play CallJam Malware Infects Half A Million Users,” 12-Sep-2016. [Online]. Available: [Accessed: 15-Jun-2020].

Katia Gonzales, “Telecom Fraud: $29 Billion And Counting - Why It Matters More than Ever in the Digital Era | Horizon House Publication Inc.,” 04-Apr-2018. [Online]. Available: [Accessed: 15-Jun-2020].

H. Shewale, S. Patil, V. Deshmukh, and P. Singh, “Analysis of Android Vulnerabilities and Modern Exploitation Techniques,” ICTACT J. Commun. Technol., vol. 5, no. 1, pp. 863-867, 2014.

D. Jones, “Implementing biologically-inspired Apoptotic behaviour in digital objects : An Aspect-Oriented Approach,” no. March, 2010.

M. M. Saudi, M. Woodward, A. J. Cullen, and H. M. Noor, “An overview of apoptosis for computer security,” in Proceedings - International Symposium on Information Technology 2008, ITSim, 2008, vol. 3.

R. Sterritt, “Apoptotic computing: Programmed death by default for computer-based systems,” Computer (Long. Beach. Calif)., vol. 44, no. 1, pp. 59-65, Jan. 2011.

P. Ravi Kiran Varma, K. P. Raj, and K. V. Subba Raju, “Android mobile security by detecting and classification of malware based on permissions using machine learning algorithms,” in Proceedings of the International Conference on IoT in Social, Mobile, Analytics and Cloud, I-SMAC 2017, 2017, pp. 294-299.

E. M. B. Karbab, M. Debbabi, A. Derhab, and D. Mouheb, “MalDozer: Automatic framework for android malware detection using deep learning,” in DFRWS 2018 EU - Proceedings of the 5th Annual DFRWS Europe, 2018, vol. 24, pp. S48-S59.

K. A. Talha, D. I. Alper, and C. Aydin, “APK Auditor: Permission-based Android malware detection system,” Digit. Investig., vol. 13, pp. 1-14, Jun. 2015.

A. Saracino, D. Sgandurra, G. Dini, and F. Martinelli, “MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention,” IEEE Trans. Dependable Secur. Comput., vol. 15, no. 1, pp. 83-97, Jan. 2016.

S. Y. Yerima, S. Sezer, and I. Muttik, “High accuracy android malware detection using ensemble learning,” IET Inf. Secur., vol. 9, no. 6, pp. 313-320, Nov. 2015.

Z. Wang, J. Cai, S. Cheng, and W. Li, “DroidDeepLearner: Identifying Android malware using deep learning,” in 37th IEEE Sarnoff Symposium, Sarnoff 2016, 2017, pp. 160-165.

Kamesh and N. S. Priya, "Security Enhancement of Authenticated RFID Generation," International Journal of Applied Engineering Research (IJAER), vol. 9, no. 22, pp. 5968-5974, 2014.

J. Li, L. Sun, Q. Yan, Z. Li, W. Srisa-An, and H. Ye, “Significant Permission Identification for Machine-Learning-Based Android Malware Detection,” IEEE Trans. Ind. Informatics, vol. 14, no. 7, pp. 3216-3225, Jul. 2018.

D. Li, Z. Wang, L. Li, Z. Wang, Y. Wang, and Y. Xue, “FgDetector: Fine-Grained Android Malware Detection,” in Proceedings - 2017 IEEE 2nd International Conference on Data Science in Cyberspace, DSC 2017, 2017, pp. 311-318.

M. Mohd Saudi and A. Husainiamer, “Mobile Malware Classification via System Calls and Permission for GPS Exploitation,” Int. J. Adv. Comput. Sci. Appl., vol. 8, no. 6, pp. 277-283, 2017.

P. Burnap, R. French, F. Turner, and K. Jones, “Malware classification using self organising feature maps and machine activity data,” Comput. Secur., vol. 73, pp. 399-410, Mar. 2018.

S. Wang, Q. Yan, Z. Chen, B. Yang, C. Zhao, and M. Conti, “Detecting Android Malware Leveraging Text Semantics of Network Flows,” IEEE Trans. Inf. Forensics Secur., vol. 13, no. 5, pp. 1096-1109, May 2018.

Z. Abdullah and M. M. Saudi, “RAPID-Risk assessment of android permission and application programming interface (API) call for android botnet,” Int. J. Eng. Technol., vol. 7, no. 4, pp. 49-54, 2018.

S. Chen et al., “Automated poisoning attacks and defenses in malware detection systems: An adversarial machine learning approach,” Comput. Secur., vol. 73, pp. 326-344, Mar. 2018.

S. Y. Yerima and S. Sezer, “DroidFusion: A Novel Multilevel Classifier Fusion Approach for Android Malware Detection,” IEEE Trans. Cybern., vol. 49, no. 2, pp. 453-466, Jan. 2018.

M. Abou-Ghali and J. Stiban, “Regulation of ceramide channel formation and disassembly: Insights on the initiation of apoptosis,” Saudi J. Biol. Sci., vol. 22, no. 6, pp. 760-772, Nov. 2015.

D. Arp, M. Spreitzenbarth, M. Hí¼bner, H. Gascon, and K. Rieck, “Drebin: Effective and Explainable Detection of Android Malware in Your Pocket,” in Network and Distributed System Security Symposium(NDSS), 2014, pp. 1-15.

M. Yusof, M. M. Saudi, and F. Ridzuan, “A new mobile botnet classification based on permission and API calls,” in Proceedings - 2017 7th International Conference on Emerging Security Technologies, EST 2017, 2017, pp. 122-127.

Z. Li, L. Sun, Q. Yan, W. Srisa-An, and Z. Chen, “DroidClassifier: Efficient adaptive mining of application-layer header for classifying android malware,” in Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, 2017, vol. 198 LNICST, pp. 597-616.

M. Lindorfer, M. Neugschwandtner, L. Weichselbaum, Y. Fratantonio, V. Van Der Veen, and C. Platzer, “ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors,” in Proceedings - 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2014, 2016, pp. 3-17.

R. Sihwail, K. Omar, and K. A. Z. Ariffin, “A survey on malware analysis techniques: Static, dynamic, hybrid and memory analysis,” Int. J. Adv. Sci. Eng. Inf. Technol., vol. 8, no. 4-2, pp. 1662-1671, Sep. 2018.

Authors who publish with this journal agree to the following terms:

    1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
    2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
    3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).