A Formal Method for Description and Decision of Android Apps Behavior Based on Process Algebra

Abstract

Android is the most popular mobile platform, and it has become a primary malware target. Existing behavior-based Android malware detection methods suffer from false positive and false negative problems, which lead to low detection accuracy. Formal theory is crucial in studying the behaviors of Android applications characterized by high concurrency, interaction, and mobility. However, existing formal methods mainly focus on specific issues and lack the essential abstraction and high-level description of application behavior. In this study, we propose a formal method for the description and decision of application behavior based on process algebra. First, we propose a formal method for describing application behavior at a component level using process algebra. By extending π-calculus theory, we establish the mapping relationship from the Android application to process algebra, and present the semantics and evolution rules of behavior based on process algebra. Second, we describe the behavior of four types of components in applications and characterize concurrent interactions of components using process algebra expressions. Third, we define the behavior equivalence and simulation mechanism for application behavior analysis and propose the decision rules based on weak simulation. Finally, we discuss a demonstration case, which includes malicious behavior, to demonstrate the feasibility and effectiveness of the proposed method. The results show that our method can accurately describe and analyze application behavior, which provides theoretical support for technologies and methods of behavior-based detection.