Proposing a New Feature for Structure-Aware Analysis of Android Malwares

Abstract

Android is a major target of attackers for malicious purposes due to its popularity. Despite obvious malicious functionality of Android malware, its analysis is a challenging task. Extracting and using features that discriminate malicious and benign behaviors in applications is essential for malware classification in using machine learning methods. In this paper, we propose a new feature in Android malware classification process which in combination with other proposed features, can discriminate malicious and benign behaviors with a good accuracy. Using components such as activities and services in Android applications’ source code will lead to different flows on invoking between application’s components. We consider this flows of invoking between application components as a new feature which based on Android malware behaviors analysis, is different in benign and malicious applications. Even tough inter-app communications have been covered in many researches, using intra-app communication as a feature in Android malware analysis field using ML methods have been seldom addressed. Our results show that we are able to achieve an accuracy as high as 85% and a false positive rate as low as 10% using SVM classifier on a data-set contain 10,320 Android malware and benign applications.