Proposing a New Feature for Structure-Aware Analysis of Android Malwares

Android is a major target of attackers for malicious purposes due to its popularity. Despite obvious malicious functionality of Android malware, its analysis is a challenging task. Extracting and using features that discriminate malicious and benign behaviors in applications is essential for malware classi cation in using machine learning methods. In this paper, we propose a new feature in Android malware classi cation process which in combination with other proposed features, can discriminate malicious and benign behaviors with a good accuracy. Using components such as activities and services in Android applications’ source code will lead to di erent ows on invoking between application’s components. We consider this ows of invoking between as a new feature which based on Android malware behaviors analysis, is di erent in benign and malicious applications. Even tough inter-app communications have been covered in many researches, using intra-app communication as a feature in Android malware analysis eld using ML methods has been seldom addressed. Our results show that we are able to achieve an accuracy as high as 85% and a false positive rate as low as 10% using SVM classi er on a data-set contain 10,320 Android malware and benign applications.