On behavior-based detection of malware on Android platform

Because of exponential growth in smart mobile devices, malware attacks on smart mobile devices have been growing and pose serious threats to mobile device users. To address this issue, we develop a malware detection system, which uses a behavior-based detection approach to deal with the detection of a large number of unknown malware. To accurately detect malware, we examine system calls to capture the runtime behavior of software, which interacts with an operating system and adopt machine learning approaches such as Support Vector Machine (SVM) and Naive Bayes learning schemes to learn the dynamic behavior of software execution. Using real-world malware and benign samples, we conduct experiments on Android devices and evaluate the effectiveness of our developed system in terms of learning algorithms, the size of training set, the length of n-grams, and the overhead in training and detection processes. Our experimental data demonstrates the effectiveness of our proposed detection system to detect malware.

[1]  Sahin Albayrak,et al.  Static Analysis of Executables for Collaborative Malware Detection on Android , 2009, 2009 IEEE International Conference on Communications.

[2]  Eleazar Eskin,et al.  The Spectrum Kernel: A String Kernel for SVM Protein Classification , 2001, Pacific Symposium on Biocomputing.

[3]  Phurivit Sangkatsanee,et al.  Practical real-time intrusion detection using machine learning approaches , 2011, Comput. Commun..

[4]  Yuriy Bulygin,et al.  Epidemics of Mobile Worms , 2007, 2007 IEEE International Performance, Computing, and Communications Conference.

[5]  Sahin Albayrak,et al.  Detecting Symbian OS malware through static function call analysis , 2009, 2009 4th International Conference on Malicious and Unwanted Software (MALWARE).

[6]  M. J. Nene,et al.  Machine Learning Techniques For Feature Reduction In Intrusion Detection Systems A Comparison , 2015 .

[7]  Philip K. Chan,et al.  Learning Patterns from Unix Process Execution Traces for Intrusion Detection , 1997 .

[8]  Sahin Albayrak,et al.  An Android Application Sandbox system for suspicious software detection , 2010, 2010 5th International Conference on Malicious and Unwanted Software.

[9]  R. Swinburne Bayes's theorem , 2005 .

[10]  Yuval Elovici,et al.  “Andromaly”: a behavioral malware detection framework for android devices , 2012, Journal of Intelligent Information Systems.

[11]  Tao Zhang,et al.  RobotDroid: A Lightweight Malware Detection Framework On Smartphones , 2012, J. Networks.

[12]  Farnam Jahanian,et al.  CloudAV: N-Version Antivirus in the Network Cloud , 2008, USENIX Security Symposium.