Android Malicious Code Detection and Localization based on Runtime Feature
Wang Songhe (1)
Wang Songhe, born 1994, male, master's degree; main research interest: Android security
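Guo Yanhui (1)
Guo Yanhui, female, associate professor and master's supervisor; main research interests: content security, machine learning, knowledge discovery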
(1) School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, 100876
Abstract: Malicious code detection is an important part of Android malware detection and is used for code research and harmfulness judgment. It usually requires security analysts to manually analyze and localize malicious code. To reduce the burden of this analysis process, this paper proposes an Android malicious code detection and localization method based on runtime features, which detects malicious behaviors and localizes the related code segments based on the relationship between sensitive API calls and user intentions. The method divides malicious behavior into active-trigger and passive-trigger types according to triggering conditions, and constructs a behavior-intention prediction model and multivariate time series from the collected runtime information as its detection methods. In this paper, we marked 602 malware samples as the test set, and the precision rate reached 90.54%. The experimental results show that this method can effectively detect malicious behaviors and localize malicious code.