
Android malware detection method based on system calls

Journal of Nanjing University of Science and Technology (Natural Science Edition) [ISSN: 1005-9830 / CN: 32-1397/N]

Issue:
2017, Issue 06
Page:
720-
Research Field:
Publishing date:

Info

Title:
Android malware detection method based on system calls
Author(s):
Chen Hao1, Jiang Haitao1, Guo Jing1, Zhou Chao1, Yao Nan1, Xu Jian2
1. State Grid Jiangsu Electric Power Company Research Institute, Nanjing 211103, China; 2. School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China
Keywords:
Android malware detection; static detection; dynamic detection; characterization; system call frequency; system call dependency
PACS:
TP309.2
DOI:
1005-9830(2017)06-0720-05
Abstract:
To address the low accuracy of static malware detection approaches, a dynamic Android malware detection approach is proposed, based on a study of the system calls of Android applications. The system calls obtained from the sandbox through stimulated events of Android applications are characterized, and two feature representation methods are designed, based on system call frequency and system call dependency respectively. Malware and goodware are distinguished by a classifier constructed with an ensemble method. The two methods are tested on 3 000 Android applications from third-party markets. The experimental results show that the feature representation method based on system call dependency is better than the one based on system call frequency, and that the ensemble-based classifier has a good detection accuracy of 95.84%.


Memo

Last Update: 2017-12-31