Abstract

Advances in computational power and storage have made mobile devices part of more and more people's daily work, and they now store large volumes of organizations' confidential documents as well as general users' personal data. The extensibility of mobile devices has attracted contributions from many app developers; in turn, it has also made them a target for computer hackers. F-Secure has reported that profit-motivated threats on mobile devices have been increasing; that is, an infected mobile device might send out personal or organizational confidential data, or send SMS messages to premium-rate numbers without the user's consent. Generally, Android app developers can publish their apps on official stores (i.e., Google Play), on third-party stores, or on both. In the Android market, the accumulated number of applications and games has exceeded one million. However, due to the lack of checking and validation mechanisms, attackers can also distribute their malicious apps via online store platforms quickly and easily. As a result, real-time malware detection and classification have become critical for Android users and the official market as the number of Android apps increases sharply. In this study, we propose a structure similarity-based malicious app detection approach to address this need. On the basis of source code analysis, we intend to identify the sensitive features in malicious apps, that is, the API calls and system commands related to some malicious behaviors, and to build their Class-Method-API hierarchies. A newly arriving app can then be classified as malicious or not by assessing the structural similarity between its hierarchy and that of each malicious app. We have collected 1,259 malware samples from the Android Malware Genome Project and 1,259 benign apps from the Google Play market for evaluation. We intend to implement k-fold cross-validation and adopt VirusTotal as our performance benchmark. Overall, the proposed approach is expected to detect Android malware effectively and efficiently, and to be appropriate for mobile devices because maintaining and comparing partial hierarchies costs less space and computation.
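A minimal sketch of the idea described above, added here as an illustration and not the authors' implementation: it prunes an app's Class-Method-API tree down to sensitive calls and scores it against a known sample. The sensitive-API subset, the name-independent method shapes, the multiset Jaccard metric, the 0.5 threshold and all sample apps are assumptions, since the abstract does not specify them.

```python
from collections import Counter

# Illustrative subset of sensitive APIs (assumption, not the paper's feature list).
SMS = "android.telephony.SmsManager.sendTextMessage"
IMEI = "android.telephony.TelephonyManager.getDeviceId"
EXEC = "java.lang.Runtime.exec"
SENSITIVE = {SMS, IMEI, EXEC}

def partial_hierarchy(app):
    """Keep only Class -> Method -> sensitive-API branches; prune empty ones."""
    out = {}
    for cls, methods in app.items():
        kept = {m: sorted(set(apis) & SENSITIVE) for m, apis in methods.items()}
        kept = {m: a for m, a in kept.items() if a}
        if kept:
            out[cls] = kept
    return out

def shapes(hier):
    """Name-independent multiset: (sensitive methods in class, API tuple) per method."""
    return Counter((len(ms), tuple(apis))
                   for ms in hier.values() for apis in ms.values())

def similarity(a, b):
    """Multiset Jaccard over method shapes (assumed metric), in [0, 1]."""
    sa, sb = shapes(partial_hierarchy(a)), shapes(partial_hierarchy(b))
    union = sum((sa | sb).values())
    return sum((sa & sb).values()) / union if union else 0.0

def classify(app, known_malicious, threshold=0.5):
    """Flag the app if its best match against any known sample reaches threshold."""
    best = max((similarity(app, m) for m in known_malicious), default=0.0)
    return best >= threshold, best

# Constructed sample apps: class -> method -> API calls.
KNOWN = {"com.x.Svc": {"onStart": [IMEI, "android.util.Log.d"], "send": [SMS]},
         "com.x.Root": {"run": [EXEC]}}
# Same structure with renamed classes/methods and extra benign code.
REPACKED = {"a.a": {"a": [IMEI], "b": [SMS, "java.lang.String.length"]},
            "a.b": {"c": [EXEC]},
            "a.c": {"d": ["android.util.Log.d"]}}
BENIGN = {"org.notes.Main": {"onCreate": ["android.util.Log.d"], "share": [SMS]}}
PARTIAL = {"p.Q": {"x": [IMEI], "y": [SMS]}}

if __name__ == "__main__":
    for name, app in [("REPACKED", REPACKED), ("BENIGN", BENIGN), ("PARTIAL", PARTIAL)]:
        print(name, classify(app, [KNOWN]))
```

Because only the pruned, name-independent shapes are compared, renaming classes and methods in the constructed `REPACKED` sample does not lower its score.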
