DroidChain: A novel Android malware detection method based on behavior chains
Affiliation:
1. Department of Computer System and Technology, Faculty of Computer Science and Information Technology, University of Malaya, 50603 Kuala Lumpur, Malaysia
2. Computer Security (COSEC) Lab, Department of Computer Science, Universidad Carlos III de Madrid, 28911 Leganes, Madrid, Spain
3. Centre for Security, Communications and Network Research, School of Computing, Electronics and Mathematics, Plymouth University, Drake Circus, Plymouth PL4 8AA, UK
1. Security Research Centre, Concordia University, Canada
2. Center of Excellence in Information Assurance (CoEIA), King Saud University, Saudi Arabia
3. Department of Computer Science, University of Sharjah, United Arab Emirates
Abstract: The drastic increase in Android malware has led to strong interest in automating malware analysis. In this paper, to fight malware variants and zero-day malware, we propose DroidChain: a method combining static analysis with a behavior chain model. We transform the malware detection problem into a more accessible matrix form. Using this method, we propose four kinds of malware models, covering privacy leakage, SMS financial charges, malware installation, and privilege escalation. To reduce time complexity, we propose the WxShall-extend algorithm. We have released the prototype on GitHub and evaluated it using 1260 malware samples. Experimental malware detection results demonstrate accuracy, precision, and recall of 73%–93%, 71%–99%, and 42%–92%, respectively. Calculation time accounts for 6.58% of the well-known Warshall algorithm's expense. The results demonstrate that our method, which can detect all four kinds of malware simultaneously, outperforms Androguard and Kirin.
Keywords: Android malware; Behavior chain; Privacy leakage; SMS financial charge; Malware installation; Privilege escalation
This document has been indexed by ScienceDirect and other databases.