Abstract
Analyzing Android malware samples is time-consuming and error-prone work. Automatic techniques for screening suspicious apps and evaluating their threat level are highly desired by the antivirus industry. In this paper, we propose a novel automated framework called DroidScreening to speed up the Android malware analysis process and to assist antivirus analysts in generating heuristic patterns for scanners. DroidScreening employs lazy associative classification (LAC) algorithms to produce a classification model by learning from malicious evidence features extracted through static analysis of Android application package files. Moreover, we propose a novel high-interaction execution environment that can interact with malicious Android code, so that the analyzed samples are induced to start executing their true malicious behavior. Experiments on malware datasets using LAC and traditional learning approaches show that the LAC algorithms outperform the other classification algorithms. Finally, we analyze the performance of DroidScreening and compare it with other similar research work. Copyright © 2016 John Wiley & Sons, Ltd.
Citation
Yu, J., Huang, Q., & Yian, C. H. (2016). DroidScreening: a practical framework for real-world Android malware analysis. Security and Communication Networks, 9(11), 1435–1449. https://doi.org/10.1002/sec.1430