Paper Info
Title
Runtime Detection Framework for Android Malware.
Abstract
As the number of Android malware has been increased rapidly over the years, various malware detection methods have been proposed so far. Existing methods can be classified into two categories: static analysis-based methods and dynamic analysis-based methods. Both approaches have some limitations: static analysis-based methods are relatively easy to be avoided through transformation techniques such as junk instruction insertions, code reordering, and so on. However, dynamic analysis-based methods also have some limitations that analysis overheads are relatively high and kernel modification might be required to extract dynamic features. In this paper, we propose a dynamic analysis framework for Android malware detection that overcomes the aforementioned shortcomings. The framework uses a suffix tree that contains API (Application Programming Interface) subtraces and their probabilistic confidence values that are generated using HMMs (Hidden Markov Model) to reduce the malware detection overhead, and we designed the framework with the client-server architecture since the suffix tree is infeasible to be deployed in mobile devices. In addition, an application rewriting technique is used to trace API invocations without any modifications in the Android kernel. In our experiments, we measured the detection accuracy and the computational overheads to evaluate its effectiveness and efficiency of the proposed framework.
Year
DOI
Venue
2018
10.1155/2018/8094314
MOBILE INFORMATION SYSTEMS
Field
DocType
Volume
Kernel (linear algebra),Data mining,Android (operating system),Computer science,Static analysis,Application programming interface,Suffix tree,Probabilistic logic,Malware,Hidden Markov model,Distributed computing
Journal
2018
ISSN
Citations 
PageRank 
1574-017X
0
0.34
References 
Authors
3
3
Name
Order
Citations
PageRank
Tae-Guen Kim1354.94
BooJoong Kang211811.55
Eul Gyu Im317524.80