Description of Android Malware Feature Based on Dalvik Instructions

Li Ting; Dong Hang; Yuan Chunyang; Du Yuejin; Xu Guo'ai

Journal of Computer Research and Development > 2014 > 51(7): 1458-1466.

Li Ting, Dong Hang, Yuan Chunyang, Du Yuejin, Xu Guo'ai. Description of Android Malware Feature Based on Dalvik Instructions[J]. Journal of Computer Research and Development, 2014, 51(7): 1458-1466.

Citation:

PDF (2128 KB)

Description of Android Malware Feature Based on Dalvik Instructions

1(National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029) 2(Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876)

More Information

Published Date: July 14, 2014

Graphical Abstract

Abstract

Abstract

In order to achieve an efficient detection of malicious software on Android, a method to analyze the malware in Android devices using Dalvik instructions has been proposed. The Dalvik executable format (DEX) files are segmented based on its format without decompile. Through the formalize description of Dalvik instructions the features of the program can be simplified and extracted. Using the MOSS algorithm and the Minkowski distance algorithm, it can be determined that whether the current software which will be tested contains malicious code based on the similarity threshold. Finally, a prototype system is built to validate the method with large amounts of random samples. Taking applications which in Android application stores as example, the extraction and description of signatures using this method proves that not only can this static detection method based on Dalvik instructions detect malicious code quickly, but also has a very low rate of false positives and false negatives. Experiments results confirm that the method proposed by this paper is feasible and credible and it is applicable for rapid detection of Android malicious code.
- Dalvik instruction,
- Android,
- malicious code,
- formal description,
- similarity

FullText(HTML)

References (0)

[1]	Feng Yuhong, Wu Kunhan, Huang Zhihong, Feng Yangzhou, Chen Huanhuan, Bai Jiancong, Ming Zhong. A Set Similarity Self-Join Algorithm with FP-tree and MapReduce[J]. Journal of Computer Research and Development, 2023, 60(12): 2890-2906. DOI: 10.7544/issn1000-1239.202111239
[2]	Hao Shaopu, Liu Quan, Xu Ping’an, Zhang Lihua, Huang Zhigang. Multi-Modal Imitation Learning Method with Cosine Similarity[J]. Journal of Computer Research and Development, 2023, 60(6): 1358-1372. DOI: 10.7544/issn1000-1239.202220119
[3]	He Yun, Li Tong, Wang Wei, Li Xiang, Lan Wei. A Semantic Similarity Integration Method for Software Feature Location Problem[J]. Journal of Computer Research and Development, 2019, 56(2): 394-409. DOI: 10.7544/issn1000-1239.2019.20180103
[4]	Qi Le, Zhang Yu, Liu Ting. Question Similarity Calculation Based on Key Information[J]. Journal of Computer Research and Development, 2018, 55(7): 1539-1547. DOI: 10.7544/issn1000-1239.2018.20170507
[5]	Chen Tieming, Yang Yimin, Chen Bo. Maldetect: An Android Malware Detection System Based on Abstraction of Dalvik Instructions[J]. Journal of Computer Research and Development, 2016, 53(10): 2299-2306. DOI: 10.7544/issn1000-1239.2016.20160348
[6]	Wang Junhua, Zuo Wanli, Yan Zhao. Word Semantic Similarity Measurement Based on Nave Bayes Model[J]. Journal of Computer Research and Development, 2015, 52(7): 1499-1509. DOI: 10.7544/issn1000-1239.2015.20140383
[7]	Sun Yifan, Li Sai. Similarity-Based Community Detection in Social Network of Microblog[J]. Journal of Computer Research and Development, 2014, 51(12): 2797-2807. DOI: 10.7544/issn1000-1239.2014.20131209
[8]	Xiao Yu and Yu Jian. A Weighted Self Adaptive Similarity Measure[J]. Journal of Computer Research and Development, 2013, 50(9): 1876-1882.
[9]	Li Ru, Wang Zhiqiang, Li Shuanghong, Liang Jiye, Collin Baker. Chinese Sentence Similarity Computing Based on Frame Semantic Parsing[J]. Journal of Computer Research and Development, 2013, 50(8): 1728-1736.
[10]	Chen Tao, Yi Mo, Liu Zhongxuan, and Peng Silong. Image Fusion at Similar Scale[J]. Journal of Computer Research and Development, 2005, 42(12): 2126-2130.