Abstract
Android faces an increasing threat of malware attacks. The few existing formal detection methods have drawbacks such as complex code modeling, incomplete and inaccurate expression of family properties, and excessive manual participation. To this end, this paper proposes a formal detection method, called DroidFDR, for Android malware classification based on communicating sequential processes (CSP). In this method, the APK file of an application is converted to an easy-to-analyze representation, namely Jimple, in order to model the code behavior with CSP. The process describing the behavior of a sample is inputted to an FDR model checker to be simplified and verified against a process that is automatically abstracted from the malware to express the property of a family. The sample is classified by detecting whether it has the typical behavior of any family property. DroidFDR can capture the behavioral characteristics of malicious code such as control flow, data flow, procedure calls, and API calls. The experimental results show that the automated method can characterize the behavior patterns of applications from the structure level, with a high family classification accuracy of 99.06% in comparison with another formal detection method.
Funder
National Natural Science Foundation of China
Subject
Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering
Cited by
2 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献