Due to the openness of the Android-based open market, the distribution of malicious applications developed by attackers is increasing rapidly. In order to reduce the damage caused by the malicious applications, the mechanism that allows more accurate way to determine normal apps and malicious apps for common mobile devices should be developed. In this paper, the normal system call event patterns were analyzed from the most highly used game app in the Android open market, and the malicious system call event patterns were also analyzed from the malicious game apps extracted from 1260 malware samples distributed by Android MalGenome Project. Using the Strace tool, system call events are aggregated from normal and malicious apps. And analysis of relevance to each event set was performed. Through this process of analyzing the system call events, we can extract a similarity to determine whether any given app is malicious or not.
Abstract-The diverse types of mobile applications are used regardless of time and place, as a number of Android mobile device users have been recently increased. However, the breach of privacy through illegal leakage of personal information and financial information inside mobile devices has occurred without users' notices, as the malicious mobile application is relatively increasing In order to reduce the damage caused by the malicious Android applications, the efficient detection mechanism should be developed to determine normal and malicious apps correctly. In this paper, we aggregated real-time system call events activated from malware samples distributed by Android Malware Genome Project. After extracting the basic difference feature and characteristics of system call events pattern from each normal and malicious applications, we can determine whether any given anonymous mobile application is malicious or normal one.
Large number of Android mobile application has been developed and deployed through the Android open market by increasing android-based smart work device users recently. But, it has been discovered security vulnerabilities on malicious applications that are developed and deployed through the open market or 3rd party market. There are issues to leak user's personal and financial information in mobile devices to external server without the user's knowledge in most of malicious application inserted Trojan Horse forms of malicious code. Therefore, in order to minimize the damage caused by malignant constantly increasing malicious application, it is required a proactive detection mechanism development. In this paper, we analyzed the existing techniques' Pros and Cons to detect a malicious application and proposed discrimination and detection result using malicious application discrimination mechanism based on Jaccard similarity after collecting events occur in real-time execution on android-mobile devices.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.