Interaction-Aware System Call Sequence Analysis for Android Malware Classification
摘要
The increasing number of mobile devices and the expansion of IoT (Internet of Things) and digital systems have made them targets for more sophisticated Android malicious apps. Existing detection techniques often use randomly generated events using ‘monkey’ tools, but this has limitations for apps that rely on user input for malicious behavior. In this paper, we extracted system calls and changed them to sequences to classify families of malicious apps by type with the DTW(Dynamic Time Warping) Algorithm. We evaluated using the AndroZoo dataset and found that family classification is possible for types of Trojan, Adware, and Exploit. In this study, we used view tree-based interaction for classification without using the ‘monkey’ tool to extract system call logs. We also extracted all logs through system call filtering to extract more malware behavior-focused system call logs. In the future, we plan to use more sophisticated interaction tools and ML and DL for classification and detection.