Identifying Android malware using dynamically obtained features
The constant evolution of mobile devices’ resources and features turned ordinary phones into powerful and portable computers, leading their users to perform payments, store sensitive information and even to access other accounts on remote machines. This scenario has contributed to the rapid rise of...
Saved in:
| Published in: | Journal of computer virology and hacking techniques Vol. 11; no. 1; pp. 9 - 17 |
|---|---|
| Main Authors: | , , , , |
| Format: | Journal Article |
| Language: | English |
| Published: |
Paris
Springer Paris
01-02-2015
|
| Subjects: | |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | The constant evolution of mobile devices’ resources and features turned ordinary phones into powerful and portable computers, leading their users to perform payments, store sensitive information and even to access other accounts on remote machines. This scenario has contributed to the rapid rise of new malware samples targeting mobile platforms. Given that Android is the most widespread mobile operating system and that it provides more options regarding application markets (official and alternative stores), it has been the main target for mobile malware. As such, markets that publish Android applications have been used as a point of infection for many users, who unknowingly download some popular applications that are in fact disguised malware. Hence, there is an urge for techniques to analyze and identify malicious applications before they are published and able to harm users. In this article, we present a system to dynamically identify whether an Android application is malicious or not, based on machine learning and features extracted from Android API calls and system call traces. We evaluated our system with 7,520 apps, 3,780 for training and 3,740 for testing, and obtained a detection rate of 96.66 %. |
|---|---|
| ISSN: | 2263-8733 2263-8733 |
| DOI: | 10.1007/s11416-014-0226-7 |