A Hybrid Framework for Detection & Categorization of Android Malware By Synthesizing Static and Dynamic Analysis

Abstract

Android based mobile phones usage is on the rise since 2010. With billion of interconnected smart phones the number of malicious attacks on android platform are also increasing with enormous frequency. The popularity of Android is expected to go up in coming years and so will be the malicious attacks. This makes Android a great platform for security researchers to enhance user privacy and security. There are studies available that harnesses the power of static, dynamic and hybrid analysis for Android malware detection. Due to ever growing features and technology there is no study that completely addresses the Android Mobile Malware threats. Dynamic analysis is considered efficient because it analyse real time behaviour of the application but also need lot of resources. While static analysis is not resource intensive but it’s not very effective against zero day attacks. This study aim to categorize Android mobile malware into different categories by combining static and dynamic analysis. The Dynamic part involves analysis of existing study, which is about extracting Process Control Block features from memory dumps and using these features to classify malware into different categories. This dynamic study is then combined with static features to see the effect of how it improves malware detection and categorization. The proposed feature set is evaluated through Random Forest machine learning algorithm. The results shows that combining memory based features with static features results in better malware categorization.