Research Article
KTSDroid: A Framework for Android Malware Categorization Using the Kernel Task Structure
Table 8
Selected features using mutual information (MI).
| | Rep | Feature name | MI score |
| | M_F1 | task -> mm -> mmap -> vm_file -> f_inode -> i_generation | 1.51 | | M_F2 | task -> mm -> mmap_base | 1.50 | | M_F3 | task -> mm -> brk | 1.50 | | M_F4 | task -> mm -> mmap_legacy_base | 1.49 | | M_F5 | task -> mm -> start_brk | 1.49 | | M_F6 | task -> mm -> end_data | 1.49 | | M_F7 | task -> mm -> start_code | 1.49 | | M_F8 | task -> mm -> start_data | 1.49 | | M_F9 | task -> mm -> end_code | 1.48 | | M_F10 | task -> mm -> mmap -> vm_file -> f_inode -> i_ino | 1.43 | | M_F11 | task -> mm -> shared_vm | 0.74 | | M_F12 | task -> mm -> total_vm | 0.64 | | M_F13 | task -> mm -> hiwater_vm | 0.59 | | M_F14 | task -> mm -> exec_vm | 0.47 | | M_F15 | task -> mm -> env_end | 0.43 | | M_F16 | task -> mm -> start_stack | 0.43 | | M_F17 | task -> mm -> arg_end | 0.42 | | M_F18 | task -> mm -> arg_start | 0.42 | | M_F19 | task -> mm -> env_start | 0.42 | | M_F20 | task -> mm -> highest_vm_end | 0.41 | | M_F21 | task -> mm -> mm_count -> counter | 0.41 | | P_F1 | task -> cred -> session_keyring -> last_used_at | 1.51 | | P_F2 | task -> real_cred -> session_keyring -> last_used_at | 1.51 | | P_F3 | task -> real_cred -> session_keyring -> serial | 1.50 | | P_F4 | task -> cred -> session_keyring -> serial | 1.50 | | S_F1 | task -> sas_ss_sp | 1.49 | | S_F2 | task -> signal -> ioac -> rchar | 0.60 | | S_F3 | task -> signal -> ioac -> wchar | 0.46 | | S_F4 | task -> signal -> real_timer -> base -> cpu_base -> clock_was_set_seq | 0.38 |
|
|
