ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2016, Vol. 53 ›› Issue (10): 2299-2306.

Special Issue: 2016网络空间共享安全研究进展专题

### Maldetect: An Android Malware Detection System Based on Abstraction of Dalvik Instructions

Chen Tieming, Yang Yimin, Chen Bo

1. (College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, 310023)
• Online:2016-10-01

Abstract: A novel static Android malware detection system Maldetect is proposed in this paper. At first, the Dalvik instructions decompiled from Android DEX files are simplified and abstracted into simpler symbolic sequences. N-Gram is then employed to extract the features from the simplified Dalvik instruction sequences, and the detection and classification model is finally built using machine learning algorithms. By comparing different classification algorithms and N-Gram sequences, 3-Gram sequences with the random forest algorithm is identified as an optimal solution for the malware detection and classification. The performance of our method is compared against the professional anti-virus tools using 4000 malware samples, and the results show that Maldetect is more effective for Android malware detection with high detection accuracy.

CLC Number: