Previous research on Android malware has mainly focused on malware detection, and the evolution of malware means that detection suffers from a certain lag. The information these detection results provide (malice judgment, family classification, and behavior characterization) is of limited use to analysts. A method is therefore needed to restore the intention of malware, which reflects the relation between the multiple behaviors of complex malware and its ultimate purpose. This paper proposes a novel description and derivation model of Android malware intention based on the theory of intention and malware reverse engineering. The approach creates an ontology for malware intention to model the semantic relation between behaviors and their objects, and automates the process of intention derivation by using SWRL rules transformed from the intention model and the Jess inference engine. Experiments on 75 typical samples show that the inference system can derive malware intention effectively, and 89.3% of the inference results are consistent with manual analysis, which demonstrates the feasibility and effectiveness of our theory and inference system.