
Android malware detection method based on system calls


Chen Hao¹, Jiang Haitao¹, Guo Jing¹, Zhou Chao¹, Yao Nan¹, Xu Jian²
1. State Grid Jiangsu Electric Power Company Research Institute, Nanjing 211103, China; 2. School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China
Keywords: Android malware detection; static detection; dynamic detection; characterization; system call frequency; system call dependency
To address the low accuracy of static malware detection approaches, a dynamic Android malware detection approach is proposed, based on a study of the system calls made by Android applications. The system calls obtained from the sandbox by stimulating events in Android applications are characterized, and two feature representation methods are designed, based on system call frequency and system call dependency respectively. Malware and goodware are distinguished by a classifier constructed using an ensemble method. The two methods are tested on 3 000 Android applications from the third-party market. The experimental results show that the feature representation method based on system call dependency is better than that based on system call frequency, and that the ensemble-based classifier achieves a good detection accuracy of 95.84%.




Last Update: 2017-12-31