Malware detection in Android based on dynamic analysis

Android is the most preferred target for malware attacks because it is more popular than other smartphone operating systems. Owing to its open architecture and large user base, it gives developers open access to its code base and a large surface area from which to launch malicious activities. This paper presents an approach to dynamic analysis of Android applications that classifies them as malicious or non-malicious. To this end, we developed a syscall-capture system that collects and extracts the system call traces of all applications during their run-time interactions with the phone platform. The collected system call data is then aggregated and analysed to detect and classify the behaviour of Android applications. We used our system to analyse the behaviour of 50 malicious applications obtained from the Android Malware Genome Project and 50 benign applications obtained from the Google Play Store. To classify the behaviour of these applications, we considered the frequency of system calls made by each application as the prime feature set. With this feature set, we achieved acceptable levels of accuracy in correctly classifying applications as malicious or benign using the J48 Decision Tree algorithm and the Random Forest algorithm.
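The feature-extraction step described above, turning per-application system call traces into frequency vectors, can be sketched as follows. This is an added example, not the authors' syscall-capture system. It assumes strace-style trace lines (the paper does not name its trace format), writes Weka ARFF because J48 is Weka's C4.5 implementation, and uses constructed sample traces.

```python
import re
from collections import Counter

# Assumed strace-style line: optional "[pid N]" or bare pid, optional timestamp, then "name(".
SYSCALL_RE = re.compile(
    r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?(?:\d+:\d+:\d+(?:\.\d+)?\s+)?([a-z_][a-z0-9_]*)\(")

def syscall_counts(trace_text):
    """Count syscalls in one app's trace. Signal lines, exit lines and
    '<... x resumed>' halves do not match, so a split call counts once."""
    counts = Counter()
    for line in trace_text.splitlines():
        m = SYSCALL_RE.match(line.strip())
        if m:
            counts[m.group(1)] += 1
    return counts

def feature_matrix(traces):
    """traces: {app: (label, trace_text)} -> (vocab, [(app, vector, label)])."""
    per_app = {a: (lbl, syscall_counts(t)) for a, (lbl, t) in traces.items()}
    # Shared vocabulary so every app's vector has the same columns.
    vocab = sorted(set().union(*(c for _, c in per_app.values())))
    rows = [(a, [c[s] for s in vocab], lbl) for a, (lbl, c) in sorted(per_app.items())]
    return vocab, rows

def to_arff(vocab, rows, relation="syscall_freq"):
    """Serialize to Weka ARFF, one numeric attribute per syscall."""
    out = [f"@RELATION {relation}", ""]
    out += [f"@ATTRIBUTE {s} NUMERIC" for s in vocab]
    out += ["@ATTRIBUTE class {malicious,benign}", "", "@DATA"]
    out += [",".join(map(str, vec)) + "," + lbl for _, vec, lbl in rows]
    return "\n".join(out) + "\n"

# Constructed sample traces (hypothetical apps, not from the paper's dataset).
SAMPLE = {
    "app_benign": ("benign", '''1201 openat(AT_FDCWD, "/data/x", O_RDONLY) = 7
1201 read(7, "...", 4096) = 4096
1201 read(7,  <unfinished ...>
1202 ioctl(9, BINDER_WRITE_READ, 0xbe9fd4c8) = 0
1201 <... read resumed> "...", 4096) = 0
1201 close(7) = 0'''),
    "app_malicious": ("malicious", '''[pid 1310] socket(AF_INET, SOCK_STREAM, 0) = 12
[pid 1310] connect(12, {sa_family=AF_INET}, 16) = 0
[pid 1310] sendto(12, "...", 64, 0, NULL, 0) = 64
[pid 1310] sendto(12, "...", 64, 0, NULL, 0) = 64
[pid 1311] --- SIGCHLD {si_signo=SIGCHLD} ---
[pid 1310] close(12) = 0'''),
}

if __name__ == "__main__":
    print(to_arff(*feature_matrix(SAMPLE)))
```

The resulting ARFF file can be loaded into Weka and evaluated with J48 or RandomForest; raw counts depend on trace length, so comparing traces of different durations may call for normalizing each vector by its total.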