Title :
Malicious Code Detection for Android Using Instruction Signatures
Author :
Hu Ge ; Li Ting ; Dong Hang ; Yu Hewei ; Zhang Miao
Author_Institution :
Inf. Security Center, Beijing Univ. of Posts & Telecommun., Beijing, China
Abstract :
This paper provides an overview of the current static analysis technology of Android malicious code, and a detailed analysis of the format of APK which is the application name of Android platform executable file (dex). From the perspective of binary sequence, Dalvik VM file is syncopated in method, and these test samples are analyzed by automated DEX file parsing tools and Levenshtein distance algorithm, which can detect the malicious Android applications that contain the same signatures effectively. Proved by a large number of samples, this static detection system that based on signature sequences can´t only detect malicious code quickly, but also has a very low rate of false positives and false negatives.
Keywords :
Android (operating system); digital signatures; program compilers; program diagnostics; APK format; Android malicious code detection; Android platform executable file; Dalvik VM file; Levenshtein distance algorithm; automated DEX file parsing tools; binary sequence; instruction signatures; malicious Android applications detection; signature sequences; static analysis technology; static detection system; Libraries; Malware; Mobile communication; Smart phones; Software; Testing; Android; DEX; Static Analysis; malicious code;
Conference_Titel :
Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on
Conference_Location :
Oxford
DOI :
10.1109/SOSE.2014.48
