Mdroid: Android Based Malware Detection Using Mcm Classifier

Malware analysis and detection has become a prime research area in the case of smartphones, particularly based on android due to its widespread usage and increase in the number of malwares involving huge monetary gains. The exploding number of Android malware calls for automated analysis of the systems. There are two common techniques used for detecting malware, signature based and behaviour based. Signature based detection uses a sequence of bytes that appear in the binary code to identify and detect a family of malware. Behaviour based detection uses features/ artifacts created by malware during execution for identification. In this paper, we propose a new malware classification method based on semantic similarity between two common subgraphs which is effective for the detection and analysis of new threats for which signatures are not available, A behaviour graph is obtained by capturing suspicious API calls during the execution (in a sandboxed environment). We use a labelling mechanism for the API calls which will be regarded as a signature for malicious activity. Selected features are used to train an MCM classifier. On several benchmark datasets, the MCM classifier yields detection accuracy of 97% even with using one-tenth the number of support vectors used by SVMs. Keywords— Android Malware Analysis, API calls, Feature space embedding, Graph kernel, MCM classifier