Android malware analytic method based on improved multi-level signature matching

The rapid development of smartphones bring not only convenience but also a great number malwares to people´s daily life. And the open source of Android operating system worsens the current situation. This paper proposed an Android malware analytic method based on improved multi-level signature matching algorithm. For signature generation we combined multi-level signature generation method with MD5 hash function, achieving the unique identification of API calls, method, class, and the whole application. With the signature obtained, the same mal-signatures of one kind malicious behavior in the malware database can be extracted successfully. Then the confirmed information of mal-signature can be used to check other applications, so that all the suspected applications containing same mal code as the malware database can be found. Finally locating and analyzing the main mal code of those suspected applications is necessary to determine whether they are malwares. Experiments indicated that our system can find malwares based on the malware database.