A hybrid approach of mobile malware detection in Android

Abstract

Android security incidents occurred frequently in recent years. This motivates us to study mobile app security, especially in Android open mobile operating system. In this paper, we propose a novel hybrid approach for mobile malware detection by adopting both dynamic analysis and static analysis. We collect execution data of sample malware and benign apps using a net_link technology to generate patterns of system calls related to file and network access. Furthermore, we build up a malicious pattern set and a normal pattern set by comparing the patterns of malware and benign apps with each other. For detecting an unknown app, we use a dynamic method to collect its system calling data. We then compare them with both the malicious and normal pattern sets offline in order to judge the unknown app. Based on the test on a set of mobile malware and benign apps, we found that our approach achieves better detection success rate than some methods using either static analysis or dynamic analysis. What is more, the proposed approach is generic, which can detect different types of malware effectively. Its detection accuracy can be further improved since the pattern sets can be automatically optimized through self-learning.