The Android platform is increasingly targeted by attackers due to its popularity and openness. Traditional defenses against malware rely largely on expert analysis to design discriminative features manually, which are easy to bypass with sophisticated detection avoidance techniques. Therefore, more effective and easy-to-use approaches for detecting Android malware are in demand. In this paper, we present MobiSentry, a novel lightweight defense system for malware classification and categorization on smartphones. Besides conventional static features such as permissions and API calls, MobiSentry also employs N-gram features of operation codes (n-opcode). We present two comprehensive performance comparisons among several state-of-the-art classification algorithms with multiple evaluation metrics: (1) malware detection on 184,486 benign applications and 21,306 malware samples, and (2) malware categorization on DREBIN, the largest labeled Android malware dataset. We use an ensemble of these supervised classifiers to design MobiSentry, which outperforms several related approaches and gives a satisfying performance in the evaluation. Furthermore, we integrate MobiSentry with the Android OS, enabling Android smartphones to extract features and predict whether an application is benign or malicious. Experimental results on real smartphones show that users can easily and effectively protect their devices against malware through this system with a small runtime overhead.
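To make the n-opcode feature concrete, here is an added example (not MobiSentry's code) that counts opcode n-grams in smali-style disassembly and maps them onto a fixed-order vector a classifier could consume. The function names, the constructed sample, and the choice to keep n-grams inside method boundaries are assumptions, not details taken from the paper.

```python
from collections import Counter

# Constructed smali-style sample; not taken from any real app or from the paper.
SAMPLE_SMALI = """
.method public onCreate()V
    invoke-super {p0}, Landroid/app/Activity;->onCreate()V
    const-string v0, "id"
    invoke-virtual {p0, v0}, Lcom/example/A;->get(Ljava/lang/String;)Ljava/lang/Object;
    move-result-object v0
    return-void
.end method
.method private send()V
    const-string v0, "id"
    invoke-virtual {p0, v0}, Lcom/example/A;->get(Ljava/lang/String;)Ljava/lang/Object;
    move-result-object v0
    return-void
.end method
"""


def opcodes_by_method(smali):
    """Return one opcode list per .method/.end method body."""
    methods, current = [], None
    for raw in smali.splitlines():
        line = raw.strip()
        if line.startswith(".method"):
            current = []
        elif line.startswith(".end method"):
            if current is not None:
                methods.append(current)
            current = None
        # Skip blank lines, directives (.), labels (:) and comments (#).
        elif current is not None and line and line[0] not in ".:#":
            current.append(line.split()[0])  # opcode is the first token
    return methods


def n_opcode_counts(smali, n):
    """Count opcode n-grams; assumption: n-grams never span two methods."""
    counts = Counter()
    for ops in opcodes_by_method(smali):
        counts.update(tuple(ops[i:i + n]) for i in range(len(ops) - n + 1))
    return counts


def feature_vector(counts, vocabulary):
    """Project n-gram counts onto a fixed, ordered vocabulary."""
    return [counts.get(gram, 0) for gram in vocabulary]


if __name__ == "__main__":
    for gram, c in n_opcode_counts(SAMPLE_SMALI, 2).most_common():
        print(c, " ".join(gram))
```

Operands are discarded, so renaming classes, methods or strings leaves the vector unchanged; only the instruction sequence matters.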