Research On Technology Of Android Malware Detection And Classification

Posted on: 2017-05-01
Degree: Master
Type: Thesis
Country: China
Candidate: L Ma
GTID: 2428330569998515
Subject: Computer Science and Technology

Abstract/Summary:
Mobile smart devices have become a necessity and make daily life more convenient. Android is the most popular operating system on mobile smart devices. At the same time, Android is the first to bear the brunt of attacks, as the rapidly growing number of Android malware samples shows. Android is smart and open, which makes it easy for attackers to write, update and deploy malicious Android applications, and also makes Android malware harder to detect. Most current Android malware detection methods require a lot of resources, but a large number of Android users are still on old Android devices because Android is updated so quickly. How to analyze unknown Android applications with limited resources therefore matters to most Android users.

On the other hand, although there is a huge amount of malware on Android, as with malware on PCs, many Android malware samples share similar features and show a clustered distribution. We call a set of Android malware samples with the same features an Android malware family. Classifying Android malware accurately is helpful to the study of Android malware. This paper carries out research on both problems. The contributions are:

1. We propose an ultra-lightweight detection method that can analyze unknown Android applications with limited resources. First, a few features are extracted from every application and divided into three sets. Then these three feature sets are embedded in the corresponding joint vector spaces as the app's feature vectors. After that, the feature vectors of each vector space are classified using a machine learning algorithm. Finally, the three classification results are treated as a group, embedded in a new space and classified again. We evaluate the method with 3427 malicious samples and 1550 benign applications. Experimental results show that the approach performs stably: the detection accuracy (true-positive rate) is always higher than 98% and the detection procedure costs only 30 ms per sample.

2. We propose an Android malware classification algorithm based on multi-feature clustering. The algorithm first extracts static features of the Android application. It then generates a signature from the route of the application's methods. These two features help avoid being tricked by repackaged malware. Based on these features, the algorithm classifies Android malware by k-means clustering. Experiments show that, except for FakeDoc, the classification accuracy for the other Android malware families is higher than 97.6% while the false positive rate is less than 2.4%.

The algorithms proposed in this paper can not only analyze unknown Android applications with limited resources but also classify the malicious Android applications that are detected, which is significant to the security of Android mobile devices.
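
The two-stage scheme of contribution 1, sketched as an added example that is not code from the thesis: each of three feature sets is embedded as a binary vector and scored by its own classifier, and the three scores are then classified again. The feature-set names, the sample apps, the log-odds scorer and the perceptron are all assumptions, since the abstract names neither the features nor the learning algorithm.

```python
import math

SETS = ("permissions", "api_calls", "intents")  # assumed names for the three feature sets
# Constructed training data: (feature sets, label) with 1 = malicious, 0 = benign.
TRAIN = [
    ({"permissions": {"SEND_SMS", "READ_CONTACTS"}, "api_calls": {"sendTextMessage", "getDeviceId"}, "intents": {"BOOT_COMPLETED"}}, 1),
    ({"permissions": {"SEND_SMS", "INTERNET"}, "api_calls": {"sendTextMessage", "exec"}, "intents": {"BOOT_COMPLETED", "SMS_RECEIVED"}}, 1),
    ({"permissions": {"INTERNET", "READ_CONTACTS"}, "api_calls": {"getDeviceId", "exec"}, "intents": {"SMS_RECEIVED"}}, 1),
    ({"permissions": {"INTERNET"}, "api_calls": {"openConnection"}, "intents": {"MAIN"}}, 0),
    ({"permissions": {"INTERNET", "CAMERA"}, "api_calls": {"openConnection", "takePicture"}, "intents": {"MAIN"}}, 0),
    ({"permissions": {"CAMERA"}, "api_calls": {"takePicture"}, "intents": {"MAIN", "VIEW"}}, 0),
]

def embed(features, vocab):
    """Binary indicator vector over one set's vocabulary; unseen features are dropped."""
    return [1 if f in features else 0 for f in vocab]

def train_stage1(samples, name):
    """Per-space classifier (assumed): smoothed log-odds weight per vocabulary dimension."""
    vocab = sorted(set().union(*(s[name] for s, _ in samples)))
    n_mal = sum(y for _, y in samples)
    n_ben = len(samples) - n_mal
    weights = []
    for f in vocab:
        mal = sum(1 for s, y in samples if y == 1 and f in s[name])
        ben = sum(1 for s, y in samples if y == 0 and f in s[name])
        weights.append(math.log((mal + 1) / (n_mal + 2)) - math.log((ben + 1) / (n_ben + 2)))
    return vocab, weights

def stage1_scores(app, models):
    """One score per feature space; the three scores form the second-stage vector."""
    return [sum(w * x for w, x in zip(models[n][1], embed(app[n], models[n][0]))) for n in SETS]

def train_stage2(samples, models, epochs=20):
    """Second classifier (assumed: a perceptron) over the vector of stage-one scores."""
    w = [0.0, 0.0, 0.0, 0.0]  # three score weights plus a bias
    for _ in range(epochs):
        for app, y in samples:
            x = stage1_scores(app, models) + [1.0]
            pred = 1 if sum(a * b for a, b in zip(w, x)) > 0 else 0
            w = [a + (y - pred) * b for a, b in zip(w, x)]
    return w

def classify(app, models, w):
    x = stage1_scores(app, models) + [1.0]
    return 1 if sum(a * b for a, b in zip(w, x)) > 0 else 0  # 1 = malicious, 0 = benign

MODELS = {n: train_stage1(TRAIN, n) for n in SETS}
W = train_stage2(TRAIN, MODELS)
```

At classification time the cost is three sparse dot products plus one four-term dot product per app, the kind of budget an on-device check under tight resource limits calls for.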
Keywords/Search Tags:Android, Android malware detection, static feature, k-means, ultra-lightweight, malware family