A hidden Markov model detection of malicious Android applications at runtime

Author

Yang Chen ; Ghorbanzadeh, Mo ; Ma, Kwan-Liu ; Clancy, Charles ; McGwier, Robert

Author_Institution

Dept. of Comput. Sci., Virginia Tech, Falls Church, VA, USA

fYear

2014

fDate

9-10 May 2014

Firstpage

1

Lastpage

6

Abstract

A hidden Markov model approach is leveraged to detect potentially malicious Android applications at runtime based on analyzing the Intents passing through the binder. Real world applications are emulated, their Intents are parsed, and, after appropriate discretization of the Intent action fields, they train the hidden Markov models for recognizing anomalous and benign Android application behaviors. The inferred stochastic processes can probabilistically estimate whether an application is performing a malicious or benign action as it is running on the device. Such a decision is realized through a maximum likelihood estimation. The results show that the method is capable of detecting malicious Android applications as they run on the platform.

Keywords

Android (operating system); hidden Markov models; maximum likelihood estimation; mobile computing; security of data; Android application behaviors; hidden Markov model detection; malicious Android applications; maximum likelihood estimation; real world applications; stochastic processes; Androids; Hidden Markov models; Humanoid robots; Runtime; Security; Smart phones; Training;

fLanguage

English

Publisher

ieee

Conference_Titel

Wireless and Optical Communication Conference (WOCC), 2014 23rd

Conference_Location

Newark, NJ

Type

conf

DOI

10.1109/WOCC.2014.6839912

Filename

6839912