The Android operating system is the most widespread mobile platform in the world.
Attackers therefore produce an enormous number of malware applications for
Android. Our aim is to detect Android malware in order to protect the user.
Dynamic analysis of software gives very good results for this, but it requires
complex environments. To reach the same level of precision, we analyze the
machine code and investigate the frequencies of n-grams of opcodes in order to
detect singular code blocks. This allows us to build a database of infected code
blocks. Then, because attackers may modify and reorganize the injected malicious
code in their new malware, we perform not only a semantic comparison of the
tested software against the database of infected code blocks but also a
structural comparison. For this comparison we compute subgraph isomorphism. It
allows us to determine precisely whether the tested software is malware and, if
so, which family it belongs to. Our method is tested both on a laboratory
database and on a set of real data. It achieves an almost perfect detection
rate.
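An added illustration of the opcode n-gram frequency step described above (this is not the authors' code, and the Dalvik opcode sequences, block labels and the similarity threshold are constructed for the example): each code block is turned into a relative-frequency profile of its opcode trigrams, and a tested block is matched against a small database of profiles by cosine similarity.

```python
import math
from collections import Counter

# Constructed sample: two reference blocks already in the "database", keyed by
# a hypothetical label, and one tested block that is a slightly reordered
# variant of the first (the conditional branch differs).
DATABASE = {
    "family_A_block": ["const-string", "invoke-static", "move-result-object",
                       "const/4", "invoke-virtual", "move-result", "if-eqz",
                       "return-void"],
    "benign_block": ["iget-object", "invoke-virtual", "move-result-object",
                     "check-cast", "iput-object", "return-void"],
}
TESTED_BLOCK = ["const-string", "invoke-static", "move-result-object",
                "const/4", "invoke-virtual", "move-result", "if-nez",
                "return-void"]


def opcode_ngrams(opcodes, n=3):
    """Count every length-n window of consecutive opcode mnemonics."""
    return Counter(tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1))


def profile(opcodes, n=3):
    """Relative frequency of each n-gram; the values sum to 1."""
    counts = opcode_ngrams(opcodes, n)
    total = sum(counts.values())
    return {gram: c / total for gram, c in counts.items()}


def cosine(p, q):
    """Cosine similarity between two sparse frequency profiles."""
    dot = sum(v * q.get(gram, 0.0) for gram, v in p.items())
    norm_p = math.sqrt(sum(v * v for v in p.values()))
    norm_q = math.sqrt(sum(v * v for v in q.values()))
    return dot / (norm_p * norm_q) if norm_p and norm_q else 0.0


def best_match(block, database, n=3):
    """Return (label, similarity) of the database block closest to `block`."""
    p = profile(block, n)
    scored = ((label, cosine(p, profile(ref, n))) for label, ref in database.items())
    return max(scored, key=lambda item: item[1])


def classify(block, database, threshold=0.5, n=3):
    """Label the block with its closest family, or None below the threshold."""
    label, score = best_match(block, database, n)
    return label if score >= threshold else None


if __name__ == "__main__":
    print(best_match(TESTED_BLOCK, DATABASE))  # ('family_A_block', 0.666...)
```

The tested block shares four of its six trigrams with the stored family block, so it still matches despite the changed branch opcode; a threshold such as the constructed 0.5 decides when a match counts as a hit.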

Authors: Alain Menelet, Charles-Edmond Bichot (LIRIS, ECL)