An Empirical Study on Android malware behavior signature extraction

Malicious applications, especially in mobile devices, constitute a serious threats to user data. Due
to the openness, Android have become the most popular smart phone operating system in mobile
market. Although fast and straightforward, Static analysis approach has many difficulties to detect
stealthy malware. In this paper, we propose a behavior signature-based to classify whether malware
or not. To achieve this, we first hook a number of sensitive APIs to collect all possible invocations
of the app. We then extract the behaviors of malicious applications by comparing their flows and the
value of parameters and results of each called APIs. In our study, we extracted behavior signatures
from malware in each family. Our works help to improve the quality of analysis compared with static
analysis-only approaches.