With the market share of Android mobile devices increasing, Android has come to dominate the smartphone operating system market. It also draws the attention of malware authors and researchers. The number of Android malicious applications is constantly increasing. However, due to the limitations of static detection in code obfuscation and dynamic loading, the current research of Android malicious code detection needs to be deeply studied in dynamic detection. In this paper, a new Android malware identification method is proposed. This method extracts the feature of Android system service call sequences by using a co-occurrence matrix and uses machine-learning algorithm to classify the feature sequence and to verify whether this feature sequence can expose Android malware behaviors or not. By using 750 malware samples and 1000 benign samples, this paper has designed an experiment to evaluate this method. The results show that this method has a high detection precision rate (97.1%) in the best case and a low false-positive rate (2.1%) in the worst case based on the system service call co-occurrence matrix.

• 出版日期2017-10
• 单位天津理工大学