Detecting and Classifying Android Malware using Static Analysis along with Creator Information
This addresses the challenge of detecting and attributing malware for Android users and security analysts, but it is incremental as it builds on existing static analysis methods by adding a new feature.
The paper tackled the problem of Android malware detection and classification by incorporating creator information as a feature, achieving 98% detection accuracy and 90% classification accuracy.
Thousands of malicious applications targeting mobile devices, including the popular Android platform, are created every day. A large number of those applications are created by a small number of professional under-ground actors, however previous studies overlooked such information as a feature in detecting and classifying malware, and in attributing malware to creators. Guided by this insight, we propose a method to improve on the performance of Android malware detection by incorporating the creator's information as a feature and classify malicious applications into similar groups. We developed a system that implements this method in practice. Our system enables fast detection of malware by using creator information such as serial number of certificate. Additionally, it analyzes malicious be-haviors and permissions to increase detection accuracy. The system also can classify malware based on similarity scoring. Finally, we showed detection and classification performance with 98% and 90% accuracy respectively.