Android Malware Detection using Markov Chain Model of Application Behaviors in Requesting System Services

11/15/2017
by   Majid Salehi, et al.
0

Widespread growth in Android malwares stimulates security researchers to propose different methods for analyzing and detecting malicious behaviors in applications. Nevertheless, current solutions are ill-suited to extract the fine-grained behavior of Android applications accurately and efficiently. In this paper, we propose ServiceMonitor, a lightweight host-based detection system that dynamically detects malicious applications directly on mobile devices. ServiceMonitor reconstructs the fine-grained behavior of applications based on a novel systematic system service use analysis technique. Using proposed system service use perspective enables us to build a statistical Markov chain model to represent what and how system services are used to access system resources. Afterwards, we consider built Markov chain in the form of a feature vector and use it to classify the application behavior into either malicious or benign using Random Forests classification algorithm. ServiceMonitor outperforms current host-based solutions with evaluating it against 4034 malwares and 10024 benign applications and obtaining 96% of accuracy rate and negligible overhead and performance penalty.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset