Title
Android malware classification method: Dalvik bytecode frequency analysis
Abstract
The amount of Android malware is increasing with the growth of Android, so a method is needed to classify malware families. Many classification methods have been proposed so far, but most of them are based on permission information such as the number of requested permissions and critical permissions. Since permission information cannot represent actual application behavior, and permissions are easily split across several communicating applications, permission-based classification methods can result in false alarms. In contrast to these permission-based methods, our classification method is based on applications' bytecode, which contains actual application behavior. Each malicious application family may share some similar bytecode and can be classified using this information. In this paper, we propose a method to classify malware families from known malware, as a preliminary step to malware detection.
Year: 2013
DOI: 10.1145/2513228.2513295
Venue: RACS
Keywords: known malware, permission information, malware detection, actual application behavior, android malware classification method, classification method, dalvik bytecode frequency analysis, critical permission, malicious application family, android malware, malware family, requested permission, random forest
Field: Permission, Cryptovirology, Android (operating system), Computer science, Computer security, Android malware, Malware, Random forest, Bytecode
DocType: Conference
Citations: 12
PageRank: 0.65
References: 9
Authors: 4

| Name | Order | Citations | PageRank |
|---|---|---|---|
| Byeongho Kang | 1 | 35 | 3.76 |
| BooJoong Kang | 2 | 118 | 11.55 |
| Jung-Tae Kim | 3 | 95 | 14.24 |
| Eul Gyu Im | 4 | 175 | 24.80 |