Abstract

As Android malware increasingly relies on network interfaces to perform malicious behaviors, detecting such malicious network behaviors becomes a critical challenge. Traditionally, static analysis provides soundness for Android malware detection, but it also leads to high false positives. It is also challenging to guarantee the completion of static analysis within a given time constraint, which is an important requirement for real-world security analysis. Dynamic analysis is often used to precisely detect malware within a specific time budget. However, dynamic analysis is inherently unsound as it only reports analysis results of the executed paths. In this paper, we introduce GranDroid, a graph-based hybrid malware detection system that combines dynamic analysis, incremental and partial static analysis, and machine learning to provide time-sensitive malicious network behavior detection with high accuracy. Our evaluation using 1,500 malware samples and 1,500 benign apps shows that our approach achieves 93% accuracy while spending only eight minutes to dynamically execute each app and determine its maliciousness. GranDroid can be used to provide rich and precise detection results while incurring similar analysis time as a typical malware detector based on pure dynamic analysis.
