J4 ›› 2015, Vol. 42 ›› Issue (3): 8-14. doi: 10.3969/j.issn.1001-2400.2015.03.002

• Original Articles •

Algorithm to detect Android malicious behaviors

WANG Zhiqiang¹; ZHANG Yuqing²; LIU Qixu²; HUANG Tingpei²

  1. State Key Lab. of Integrated Service Networks, Xidian Univ., Xi'an 710071, China
  2. National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 100190, China
  • Received: 2014-03-07 Online: 2015-06-20 Published: 2015-07-27
  • Contact: WANG Zhiqiang, E-mail: wangzq@nipc.org.cn

Abstract:

The paper presents a novel behavioral detection algorithm for Android malware. The algorithm characterizes the behaviors of Android applications by system call sequences and control flow sequences, and trains a malware feature base and a threshold by analyzing known malware samples. We then calculate the similarities between the feature base and Android applications, and detect malware by comparing the similarities with the threshold. Finally, an Android malware detection system named SCADect is developed according to the algorithm. The detection accuracy on 3000 samples is up to 96.8%, and the detection rate when classifying 8 clusters of obfuscated malware comprising 237 samples can reach 89%, clearly better than the tool Androguard. The results show that SCADect is able to resist obfuscation and cryptographic attacks, improves the detection accuracy, and reduces the false negative rate.

Key words: smartphones, malware, classification, similarity