Abstract
Most of the existing Android malware detection mechanisms are based on machine learning algorithms. The problem with the machine learning approaches is the difficulty in finding the best features that uniquely characterize the malwares. Hence, in this article we explore the property that uniquely characterizes Android malware applications. Toward this, we model the system call sequence generated by a malware application as a stationary first-order ergodic Markov chain and prove the existence of typical patterns which contains the malicious system call code of the application. In our implementation, we find the occurrence of common malicious system call codes in the system call sequence of several malware families. Finally a malware detection mechanism is proposed based on the occurrence of malicious system call code s in the system call sequence of an application. We obtain a consistent accuracy of around 0.95 in balanced, slightly unbalanced, and highly unbalanced data sets. In the balanced and slightly unbalanced data sets we obtain greater precision than 0.90; whereas in the highly unbalanced data sets the precision obtained are slightly lower at 0.72.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
