
Event-Aware Android Malware Detection Against Model Degrading

Posted on: 2020-06-27
Degree: Master
Type: Thesis
Country: China
Candidate: T Lei
Full Text: PDF
GTID: 2428330590476542
Subject: Information security
Abstract/Summary:
With the ubiquity of Android phones and the proliferation of Android applications (apps), malicious apps have received more and more attention because of concerns over privacy leakage and property loss. However, existing malware detection approaches based on static or dynamic analysis do not scale with the evolution of malware and cannot extract enough valid semantics at the API level, so they fail to detect new malware. In this paper, we propose a scalable and event-aware Android malware detection system, which exploits the behavioral patterns in different events to effectively detect new malware, based on the insight that events can reflect an app's possible running activities. Unlike existing approaches that use API calls directly as features, we propose to use event groups to describe apps' behaviors at the event level, which captures a higher level of semantics than the API level. Within an event group, we adopt function clusters to represent the behaviors in each event, so that behaviors hidden in events can still be captured as time goes on, which enables our system to detect new malware at the event level. The function clusters generalize API calls into vectors based on their API composition in order to capture new API calls, which makes our system scalable as malware evolves. Moreover, a neural network is specifically designed to aggregate the multiple events and automatically mine the semantic relationships among them. We train the system and evaluate its F1-Measure on a dataset of 14,956 benign and 28,848 malicious Android apps released in different years. The experimental results show that our system outperforms other malware detection systems.
Keywords/Search Tags: Android, Event aware, Malware detection, machine learning, software analysis, static analysis, natural language processing (NLP)