Android Malicious Behavior Detection Based on Sensitive API Monitoring

A two-step model combining static permission filtering and sensitive API monitoring has been proposed for android malicious behavior analysis. Permission filtering matrix is used to determine whether an application has potential risks. And sensitive API monitoring, based on the reverse engineering, can monitor those sensitive APIs such as sending SMS, accessing user location, device ID, phone number, etc. From experiments, it shows that our proposed method is feasible and effective for monitoring this kind of malicious behavior.