IEEE Access (Jan 2018)

Real-Time Behavior Analysis and Identification for Android Application

  • Sixian Sun,
  • Xiao Fu,
  • Hao Ruan,
  • Xiaojiang Du,
  • Bin Luo,
  • Mohsen Guizani

DOI
https://doi.org/10.1109/ACCESS.2018.2853121
Journal volume & issue
Vol. 6
pp. 38041 – 38051

Abstract

The number of applications based on the Android platform is increasing rapidly now. However, as the supervision and review of Android applications are inadequate, a reasonable chance exists that users will download malware. This malware can lead to information leakage, monetary loss, and other damages. At present, a variety of applications exist for detecting malware, but most of these applications cannot show specific malicious behaviors. Moreover, the operation of this detection software is based on the database of viruses, and thus, it cannot identify unknown malware. To solve these problems, we implemented a system to detect the behaviors of Android applications and identify known or unknown malware. Our system can monitor specified applications by loading a kernel module. After the detection process, the related documents are uploaded to the server, and the dynamic behaviors are reconstructed. As a result, a behavior diagram is generated. In addition, if the user needs to know whether the application is malware, the related Android package is sent to the server and analyzed. Then, the server calculates the results and the results are returned to the client.

Keywords