An android malware detection method based on system behavior sequences
Article
Figures
Metrics
Preview PDF
Reference
Related
Cited by
Materials
Abstract:
At present, behavior features of machine learning based Android malicious code detecting approaches are independent from each other, whereas the sequential relationships between behavior features could indicate malicious behavior. In order to furtherly improve the detection accuracy, an Android malicious code detection method based on the features of system behavior sequence was proposed. Firstly, the sequences of system activities including sensitive API calls, file access, data transmission, etc. were extracted. Next, based on Markov chain model the system behavior sequences were transformed into state transition sequence, and state transition probability matrix were created. Then, the state transition probability matrix and the state occurrence frequency were used as feature sets to train the SAEs model. Finally, we examined the performance of the trained SAEs model on a dataset. The experimental results show that the proposed method performed better than the typical malicious code detection method on accuracy, precision and recall.
