Computer Science ›› 2015, Vol. 42 ›› Issue (1): 155-158. doi: 10.11896/j.issn.1002-137X.2015.01.036

Android Malware Characterization Based on Static Analysis of Hierarchical API Usage

WEI Song-jie and YANG Ling   

  • Online: 2018-11-14 Published: 2018-11-14

Abstract: Current static-analysis practice on Android application packages (APKs) mainly uses features such as permissions, data flows, and API calls, extracted from the manifest file and the code. Such features do not take the APK's code organization and object hierarchy into account, and thus they may be ineffective in describing and predicting an APK's application behaviors and maliciousness. This work designs and implements a comprehensive API-usage characterization method for Android APKs at different resolutions and hierarchy levels, namely packages, classes, and functions. A tree structure is used to hold this hierarchical API-usage information, and a comparison algorithm is designed for cross-tree similarity, which provides extra insight for classifying and differentiating Android malware of different types and code families. The variations in API usage across code layers imply code functionalities and application behaviors, and thus they can be used to improve current static-analysis-based malware detection and signature generation. Realistic malware packet samples of various types and families were used to validate the proposed characterization method, and the results are discussed with respect to its strengths and future improvement.

Key words: Android, Malware, Static analysis
