DocumentCode
3712684
Title
Detecting malicious Android applications from runtime behavior
Author
Nathaniel Lageman;Mark Lindsey;William Glodek
Author_Institution
Department of Computer Science and Engineering, Pennsylvania State University, University Park, USA
fYear
2015
Firstpage
324
Lastpage
329
Abstract
As of 2011, the Android market has already surpassed the Apple App Store in the number of applications. Along with this increase in applications comes an increase in the number of malicious applications. In response, there has been extensive research done with behavioral analysis and detection methods using system calls, CPU usage, and anomaly-based detection. In this paper, we extend upon these previous works by using logcat and strace outputs to generate runtime datasets of both malicious and benign applications. Using these datasets, we generate feature sets to be used for classification. We test the effectiveness of both a Random Forest classifier and a Support Vector Machine on this feature set. We see the Random Forest classifier perform well, with true positive rates exceeding 90% while maintaining a false positive rate of less than 6%.
Keywords
"Androids","Humanoid robots","Runtime","Malware","Support vector machines","Databases"
Publisher
ieee
Conference_Titel
Military Communications Conference, MILCOM 2015 - 2015 IEEE
Type
conf
DOI
10.1109/MILCOM.2015.7357463
Filename
7357463