Android is the most preferred target for malware attacks because of its popularity relative to other smartphone operating systems. Owing to its open architecture and large user base, it gives developers open access to its code base and a large attack surface for launching malicious activity. This paper presents an approach to dynamic analysis of Android applications that classifies each application as malicious or non-malicious. To this end, we have developed a syscall-capture system that collects and extracts the system call traces of all applications during their run-time interactions with the phone platform. The collected system call data is then aggregated and analysed to detect and classify the behaviour of Android applications. We have used our system to analyse the behaviour of 50 malicious applications obtained from the Android Malware Genome Project and 50 benign applications obtained from the Google Play Store. To classify the behaviour of these applications, we use the frequency of system calls made by each application as the primary feature set. With this feature set we have achieved acceptable levels of accuracy in correctly classifying applications as malicious or benign using the J48 Decision Tree algorithm and the Random Forest algorithm.
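The feature-extraction step described above, as an added example that is not code from the paper: it turns per-application syscall traces into relative-frequency vectors and writes them as ARFF, the input format of Weka, where J48 is implemented. The abstract does not name the trace format, so `strace -f` style text is an assumption, and the function names and sample traces are hypothetical.

```python
import re
from collections import Counter

# Assumed trace format: `strace -f` text, optional "[pid N]" or bare "N" prefix.
SYSCALL_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?([a-z_][a-z0-9_]*)\(")

def syscall_counts(trace_text):
    """Count calls per syscall; signal, exit and '<... resumed>' lines do not match."""
    matches = (SYSCALL_RE.match(l.strip()) for l in trace_text.splitlines())
    return Counter(m.group(1) for m in matches if m)

def feature_matrix(samples):
    """samples: [(label, trace_text)] -> (vocab, rows of relative frequencies + label)."""
    counted = [(label, syscall_counts(text)) for label, text in samples]
    vocab = sorted({name for _, c in counted for name in c})
    rows = []
    for label, c in counted:
        total = sum(c.values()) or 1  # an empty trace yields an all-zero row
        rows.append([round(c[name] / total, 4) for name in vocab] + [label])
    return vocab, rows

def to_arff(vocab, rows, relation="syscall_freq"):
    """Serialize the matrix as ARFF so Weka's J48 or RandomForest can load it."""
    out = [f"@RELATION {relation}"]
    out += [f"@ATTRIBUTE {name} NUMERIC" for name in vocab]
    out += ["@ATTRIBUTE class {malicious,benign}", "@DATA"]
    out += [",".join(str(v) for v in row) for row in rows]
    return "\n".join(out)

# Constructed sample traces (not taken from the paper's data set).
BENIGN = """\
[pid 2101] openat(AT_FDCWD, "/data/app/cfg", O_RDONLY) = 5
[pid 2101] read(5,  <unfinished ...>
[pid 2101] <... read resumed>"cfg"..., 4096) = 120
[pid 2101] close(5) = 0
--- SIGCHLD {si_signo=SIGCHLD} ---
"""
MALICIOUS = """\
3307 socket(AF_INET, SOCK_STREAM, 0) = 7
3307 connect(7, {sa_family=AF_INET}, 16) = 0
3307 sendto(7, "...", 64, 0, NULL, 0) = 64
3307 sendto(7, "...", 64, 0, NULL, 0) = 64
+++ exited with 0 +++
"""

if __name__ == "__main__":
    print(to_arff(*feature_matrix([("benign", BENIGN), ("malicious", MALICIOUS)])))
```

Normalizing by the total call count keeps a long trace from dominating a short one; an interrupted call is counted once, on its `<unfinished ...>` line.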