An android malware detection system based on behavior comparison analysis

Abstract

At present, Android malwares become more and more subtle and intelligent, after their invasion, they often detect whether the running environment is a real environment, to decide whether to perform their malicious behavior. Therefore, malware tend to execute different behavior when running in different environments. Benign applications will perform the same functions in different environments, their behaviors have a strong consistency. Based on this basic idea, we design an Android malware detection method based on behavior comparison analysis. First, design and development a number of specific different running environments, and then execute application in these environments. With the same event input, record and compare the behaviors of this application, calculate the difference, determine whether it is malicious. Under the guidance of this thought, we design and development the Android malware detection system EmuProtect. We evaluate EmuProtect system from the aspects of accuracy and validity, the results show that this system can effectively detect Android malicious applications.