Behavior-based malware detection system for the Android platform

Abstract: Malware in smartphones is growing at a significant rate. There are currently more than 250 million smartphone users in the world and this number is expected to grow in coming years.  In the past few years, smartphones have evolved from simple mobile phones into sophisticated computers. This evolution has enabled smartphone users to access and browse the Internet, to receive and send emails, SMS and MMS messages and to connect devices in order to exchange information. All of these features make the smartphone a useful tool in our daily lives, but at the same time they render it more vulnerable to attacks by malicious applications.  Given that most users store sensitive information on their mobile phones, such as phone numbers, SMS messages, emails, pictures and videos, smartphones are a very appealing target for attackers and malware developers. The need to maintain security and data confidentiality on the Android platform makes the analysis of malware on this platform an urgent issue.  We have based this report on previous approaches to the dynamic analysis of application behavior, and have adapted one approach in order to detect malware on the Android platform. The detector is embedded in a framework to collect traces from a number of real users and is based on crowdsourcing. Our framework has been tested by analyzing data collected at the central server using two types of data sets: data from artificial malware created for test purposes and data from real malware found in the wild. The method used is shown to be an effective means of isolating malware and alerting users of downloaded malware, which suggests that it has great potential for helping to stop the spread of detected malware to a larger community.  This thesis project shows that it is feasible to create an Android malware detection system with satisfactory results.