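Android Malicious Code Detection and Localization Method Based on Dynamic Features
First published: 2021-03-08
Abstract: Malicious code detection is an important step in detecting malicious Android applications; it is used to examine the code of suspicious applications and judge how harmful they are. This step usually requires security personnel to analyze the application manually and locate the malicious code. To address the tediousness of this analysis, this paper proposes an Android malicious code detection method based on runtime features, which detects malicious behavior and locates malicious code by examining the relationship between sensitive API calls and user intent while the application runs. The method divides malicious behaviors by trigger condition into an actively triggered class and a passively triggered class, and uses the collected runtime information to build a behavior-intent prediction model and multivariate time series as its detection methods. We tested 602 labeled malicious applications, and the precision of malicious code detection was 90.54%. The experimental results show that the method can effectively detect malicious behavior and locate the malicious code.
Keywords: Android security; malicious behavior detection; malicious code localization; machine learning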
Android Malicious Code Detection and Localization Based on Runtime Features
Abstract: Malicious code detection is an important part of Android malware detection, used for code analysis and harmfulness judgment. This part usually requires security analysts to manually analyze and localize malicious code. To reduce the burden of this analysis process, this paper proposes an Android malicious code detection and localization method based on runtime features, which detects malicious behaviors and localizes the related code segments based on the relationship between sensitive API calls and user intentions. The method divides malicious behavior into active-trigger and passive-trigger classes according to triggering conditions, and constructs a behavior-intention prediction model and multivariate time series from the collected runtime information as its detection methods. In this paper, we marked 602 malware samples as the test set, and the precision rate reached 90.54%. The experimental results show that this method can effectively detect malicious behaviors and localize malicious code.
Keywords: Android security; malware behavior detection; malicious code localization; machine learning