An effective behavior-based Android malware detection system

With the rapid growth of Android applications and malware, distinguishing malware from a huge number of applications has become a challenge. Behavioral analysis is one of the most promising approaches because of its accuracy and its resilience to malware variants. In this paper, we propose a behavior-based malware detection system. First, it describes sensitive application behaviors using Android API calls and Bionic (Android's libc) function calls together with their arguments. Second, it performs behavior analysis and malware detection using machine learning techniques, including Support Vector Machine, Naive Bayes, and Decision Tree. The experiments are conducted on 1136 real-world samples composed of various types of malware and benign applications. The evaluation results show that our system can effectively detect Android malware. In addition, we compare our system with another behavior-based malware detection system, and the comparison shows the advantage of our system in malware detection. Copyright © 2014 John Wiley & Sons, Ltd.
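The two steps the abstract describes (argument-aware features from API and libc call traces, then a learned classifier) can be made concrete with a small self-contained illustration. The code below is an added example, not the paper's implementation: the `<call>(<args>)` trace format, the `own_package` parameter, the argument categories (phone number, http/https URL, /system path, own versus foreign /data/data directory) and all six training traces are constructed assumptions, and the classifier is a from-scratch Bernoulli Naive Bayes with Laplace smoothing rather than the paper's SVM/NB/DT setup.

```python
"""Behaviour-based Android malware classifier (added illustration, not the paper's code).

Constructed call traces stand in for the API / Bionic libc call logs with
arguments that the paper describes; a Bernoulli Naive Bayes over
argument-aware features is implemented from scratch so it runs offline.
"""
import math
import re
from collections import Counter

CALL_RE = re.compile(r'^\s*(\w+)\((.*)\)\s*$')   # assumed trace line format
STR_RE = re.compile(r'"([^"]*)"')                # quoted string arguments
PHONE_RE = re.compile(r'^\+?\d{3,}$')            # crude phone-number shape


def abstract_arg(call, value, own_package):
    """Map a string argument to a coarse category so features generalise across
    samples: a concrete premium number or C2 host would never recur verbatim."""
    if value.startswith("https://"):
        kind = "url_https"
    elif value.startswith("http://"):
        kind = "url_http"
    elif value.startswith("/system/"):
        kind = "path_system"
    elif value.startswith("/data/data/"):
        # /data/data/<package>/... : the app's own sandbox vs another app's data
        parts = value.split("/")
        pkg = parts[3] if len(parts) > 3 else ""
        kind = "own_appdata" if pkg == own_package else "foreign_appdata"
    elif PHONE_RE.match(value):
        kind = "phone"
    else:
        kind = "str"
    return f"arg:{call}:{kind}"


def featurize(trace, own_package):
    """One trace (one '<call>(<args>)' line per recorded call) -> set of boolean
    features: the call name plus an abstraction of each string argument."""
    feats = set()
    for line in trace.strip().splitlines():
        m = CALL_RE.match(line)
        if not m:
            continue
        call, args = m.groups()
        feats.add(f"call:{call}")
        for value in STR_RE.findall(args):
            feats.add(abstract_arg(call, value, own_package))
    return feats


# Constructed, hypothetical traces (not real samples): (label, package, trace).
TRAINING = [
    ("benign", "com.example.notes", '''
open("/data/data/com.example.notes/files/notes.db", O_RDWR)
read(3, 4096)
write(3, 128)
getSharedPreferences("settings", 0)
'''),
    ("benign", "com.example.weather", '''
openConnection("https://api.weather.example/v1/forecast")
read(4, 8192)
getSharedPreferences("cache", 0)
'''),
    ("benign", "com.example.todo", '''
open("/data/data/com.example.todo/files/tasks.json", O_RDONLY)
read(3, 2048)
startActivity("com.example.todo.EditActivity")
'''),
    ("malicious", "com.evil.sms", '''
getDeviceId()
getLine1Number()
sendTextMessage("+7901", "SUB 3")
openConnection("http://c2.example.org/report")
write(5, 64)
'''),
    ("malicious", "com.evil.root", '''
getDeviceId()
open("/system/bin/su", O_RDONLY)
execve("/system/bin/su", ...)
openConnection("http://198.51.100.7/gate.php")
'''),
    ("malicious", "com.evil.stealer", '''
getLine1Number()
sendTextMessage("+3353", "START")
open("/data/data/com.bank.app/shared_prefs/creds.xml", O_RDONLY)
openConnection("http://c2.example.org/upload")
'''),
]


def train(samples):
    """Bernoulli Naive Bayes with Laplace smoothing: P(f|c) = (n_fc + 1) / (n_c + 2)."""
    n_class, n_feat, vocab = Counter(), {}, set()
    for label, pkg, trace in samples:
        feats = featurize(trace, pkg)
        n_class[label] += 1
        n_feat.setdefault(label, Counter()).update(feats)
        vocab |= feats
    total = sum(n_class.values())
    model = {"vocab": vocab, "prior": {}, "p": {}}
    for label, n in n_class.items():
        model["prior"][label] = math.log(n / total)
        model["p"][label] = {f: (n_feat[label][f] + 1) / (n + 2) for f in vocab}
    return model


def scores(model, trace, own_package):
    """Log-posterior per class; absent features count too (Bernoulli model)."""
    feats = featurize(trace, own_package)
    out = {}
    for label, prior in model["prior"].items():
        s = prior
        for f in model["vocab"]:
            p = model["p"][label][f]
            s += math.log(p) if f in feats else math.log(1.0 - p)
        out[label] = s
    return out


def classify(model, trace, own_package):
    s = scores(model, trace, own_package)
    return max(s, key=s.get)


if __name__ == "__main__":
    model = train(TRAINING)
    unseen = 'getDeviceId()\nsendTextMessage("+1234", "GO")\nopenConnection("http://203.0.113.5/x")'
    print(classify(model, unseen, "com.test.x"), sorted(featurize(unseen, "com.test.x")))
```

The point of the argument abstraction is the paper's second observation: the same `open()` or `sendTextMessage()` call is benign or suspicious depending on what it is pointed at, so a feature that keeps the call name but collapses the argument into a category (own vs foreign app data, premium-looking number, plaintext C2 URL) lets a classifier separate the two without memorising individual numbers or hosts.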
