Abstract

The Android operating system has become a leading platform for smartphones and other smart devices, which in turn has led to a diversity of malware applications. The amount of research on Android malware detection has increased significantly in recent years and many detection systems have been proposed. Despite these efforts, however, most systems can be thwarted by sophisticated Android malware that adopts obfuscation or native code to avoid discovery by anti-virus tools. In this paper, we propose a new static analysis technique to address the problems of obfuscated and native malware applications. The proposed system provides a unified technique for extracting features from applications and native libraries, using a selection algorithm that extracts a small set of unique and effective features for detecting malware applications rapidly and with a high detection rate. Evaluation using large Android malware detection datasets obtained from various sources confirmed that the proposed approach achieves very promising results in terms of improved accuracy, low false positive rate, and high detection rate.

Highlights

  • The use of Android devices is rapidly and continuously rising, with the number of applications listed in the Google Play store currently close to three million

  • Unified native and obfuscation code-based malware detection: We introduce a static analysis method based on Android Runtime (ART)

  • By comparing the results of Annotated Control Flow Graphs (ACFGs) and Sliding Windows of Difference (SWOD), native code malware can be detected with 93% accuracy at a 2.7% false positive rate (FPR), and traditional malware sets can be predicted with 99.48% accuracy

Summary

Introduction

The use of Android devices is rapidly and continuously rising, with the number of applications listed in the Google Play store currently close to three million. We introduce a static analysis method based on Android Runtime (ART) for unified detection of native and obfuscated malware. In this method, ART converts the bytecode of an Android application to native code in order to construct a pure native binary, which is used to extract feature sets from malware applications that are then analyzed using machine learning. This approach has the great advantage of providing consistent and unified analysis of an Android application regardless of whether it is a bytecode or native application.
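The pipeline described above ends with feature extraction from the native binary; as an added illustration that is not the paper's code, the Python below builds an Annotated Control Flow Graph (one of the feature types named in the highlights) from a constructed AArch64-style listing of the kind ART emits, annotates each basic block with instruction statistics, and summarises the graph as a feature vector a classifier could consume. The paper's own block features, SWOD features and selection algorithm are not given on this page, so the opcode classes and per-block counts here are assumptions following the generic ACFG notion.

```python
import re
BRANCH = {"b", "b.eq", "b.ne", "b.lt", "b.ge", "cbz", "cbnz", "tbz", "tbnz"}  # opcode classes (assumed)
CALL, RET = {"bl", "blr"}, {"ret"}
ARITH = {"add", "sub", "mul", "and", "orr", "eor", "lsl", "lsr"}
MEM = {"ldr", "str", "ldp", "stp"}

def annotate(ins):
    """Numeric features of one basic block: the 'annotation' carried by each ACFG node."""
    ops = [op for op, _ in ins]
    return {"n_instr": len(ops), "n_calls": sum(op in CALL for op in ops),
            "n_arith": sum(op in ARITH for op in ops), "n_mem": sum(op in MEM for op in ops),
            "n_consts": sum(len(re.findall(r"#-?\d+", a)) for _, a in ins),
            "n_transfer": sum(op in BRANCH | RET for op in ops)}

def build_acfg(listing):
    """Split a labelled AArch64-style listing into basic blocks; return (nodes, edges)."""
    blocks, order, cur = {}, [], None
    for line in filter(None, (raw.split("//")[0].strip() for raw in listing)):
        if line.endswith(":"):                      # a label always starts a new block
            cur = line[:-1]
            order.append(cur); blocks[cur] = []
            continue
        if cur is None or (blocks[cur] and blocks[cur][-1][0] in BRANCH | RET):
            cur = f"blk{len(order)}"                # unlabelled code after a terminator
            order.append(cur); blocks[cur] = []
        op, _, args = line.partition(" ")
        blocks[cur].append((op, args.strip()))
    nodes, edges = {name: annotate(ins) for name, ins in blocks.items()}, []
    for i, name in enumerate(order):
        last_op, last_args = blocks[name][-1] if blocks[name] else ("", "")
        nxt = order[i + 1] if i + 1 < len(order) else None
        if last_op in BRANCH:                       # edge to target, plus fall-through if conditional
            edges.append((name, last_args.split(",")[-1].strip()))
            if last_op != "b" and nxt:
                edges.append((name, nxt))
        elif last_op not in RET and nxt:            # plain fall-through into the next block
            edges.append((name, nxt))
    return nodes, edges

def acfg_vector(nodes, edges):
    """Graph-level summary (block/edge counts plus summed block features) for the classifier."""
    keys = next(iter(nodes.values()), {})
    return {"n_blocks": len(nodes), "n_edges": len(edges),
            **{k: sum(f[k] for f in nodes.values()) for k in keys}}

# Constructed listing (not real dex2oat output): sum an array, calling a helper per element.
SAMPLE = ["entry:", "stp x29, x30, [sp, #-16]!", "mov w2, #0", "cbz w1, done",
          "loop:", "ldr w3, [x0], #4", "add w2, w2, w3", "sub w1, w1, #1", "bl report", "cbnz w1, loop",
          "done:", "ldp x29, x30, [sp], #16", "ret"]
```

Because ART has already lowered bytecode to native code, the same extractor runs unchanged over code that originated as DEX bytecode and over code shipped in native libraries, which is the unification the paper relies on.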

Related Work
Proposed Algorithm
Motivation
System Design
The Environment
Obfuscated Malware Detection
Native Malware Detection
Mixed Malware Detection
Findings
Conclusion