Visual analysis of android malware behavior profile based on PMCGdroid: A pruned lightweight APP call graph

Abstract

In recent years, there is a sharp increasing in the number of malicious APPs on the Android platform, so how to identify new type of Android malware and its malicious behaviors has been a hot research topic in the security community. This paper presents a visualization framework to help security analysts precisely distinguish malicious profiles of APPs. By labeling target nodes, adding implicit call edges, pruning harmless branches, and a few other operations, we generate a new kind of call graph: PMCGdroid. This graph not only has a sharp decrease in size comparing to the original APP call graph but also preserves the malicious core of malware well. Based on PMCGdroid, visual interfaces are designed to assist users in checking the malicious behavior profile of samples with rich user interactive operations. We study real world samples to prove the usability and efficiency of our approach.