"SAPIMMDS: Function-Oriented Mobile Malware Analysis Dataset Based on Suspicious API Call Patterns"

"This dataset accompanies the research presented in \u201cFunction-Oriented Mobile Malware Analysis as First Aid\u201d and provides behavior-oriented metadata for 906 Android malware samples collected from real-world smishing and spyware incidents in South Korea.The dataset was produced using a hybrid analysis approach in which each application was executed inside an Android emulator, its volatile memory region was dumped, and the odex bytecode was extracted for analysis. By comparing extracted API usage with a predefined list of suspicious APIs, the system identifies function-level malicious behavior, such as hiding SMS notifications, hijacking SMS content, exfiltrating contacts or location data, manipulating bookmarks, and stealing financial certificates (NPki).Unlike traditional family-oriented or signature-centric malware datasets, this resource focuses on function-oriented malware analysis, enabling researchers to examine how malicious actions manifest through API call patterns. The dataset is suitable for studies in behavioral malware detection, API-pattern mining, smishing threat analysis, and Android security research."

本数据集配套发表于《面向功能的移动恶意软件应急分析》（Function-Oriented Mobile Malware Analysis as First Aid）的研究工作，收录了从韩国真实短信钓鱼（smishing）与间谍软件事件中采集的906个安卓（Android）恶意软件样本的行为导向元数据。本数据集采用混合分析方法构建：将每一个应用程序运行于安卓模拟器中，转储其易失性内存区域，并提取odex字节码用于分析。通过将提取的应用程序编程接口（API）调用数据与预定义的可疑API列表进行比对，系统可识别功能级恶意行为，包括隐藏短信通知、劫持短信内容、窃取联系人或位置数据、篡改书签，以及盗取金融证书（NPki）。与传统的以恶意软件家族为导向或基于特征签名的恶意软件数据集不同，本数据集聚焦于面向功能的恶意软件分析，可支持研究人员探究恶意行为如何通过API调用模式得以呈现。本数据集适用于行为恶意软件检测、API模式挖掘、短信钓鱼威胁分析以及安卓（Android）安全研究等相关研究方向。