StormDroid: A Streaminglized Machine Learning-Based System for Detecting Android Malware
Introduction

This paper focuses on detecting malicious Android applications using machine learning. They defined 4 types of features to be extracted from applications:

1. Well-received features
   1.1 Permission: Some malicious applications need specific types of permissions.
   1.2 Sensitive API Calls: They extracted sensitive API calls from smali files and found the top types of sensitive API calls that best distinguish malicious from benign applications.
2. Newly-defined features
   2.1 Sequence: Malicious apps tend to have drastically different sensitive API calls. They defined 3 metrics to quantify the number of sensitive API calls.
   2.2 Dynamic Behavior: Monitor the activities triggered by each application from their log file.

In both of these features, they removed the common ones which are shared by malicious and benign apps, and left the most distinguishable features.

Application of ML methods

They compared several ML methods: SVM, decision tree, Multi-Lay
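
The filtering step from the introduction above (dropping features shared by malicious and benign apps and keeping the most distinguishable ones), as an added example that is not code from the paper. The scoring rule (gap between per-class occurrence rates), the `min_gap` threshold, the function names and the sample apps are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample data: each app is a set of extracted features
# (permissions and sensitive API calls). Not taken from the paper's dataset.
MALICIOUS = [
    {"perm:SEND_SMS", "perm:INTERNET", "api:sendTextMessage", "api:getDeviceId"},
    {"perm:SEND_SMS", "perm:INTERNET", "perm:READ_CONTACTS", "api:sendTextMessage"},
    {"perm:INTERNET", "perm:RECEIVE_BOOT_COMPLETED", "api:getDeviceId"},
    {"perm:SEND_SMS", "perm:INTERNET", "api:getDeviceId", "api:sendTextMessage"},
]
BENIGN = [
    {"perm:INTERNET", "perm:ACCESS_NETWORK_STATE"},
    {"perm:INTERNET", "perm:CAMERA", "api:getDeviceId"},
    {"perm:INTERNET", "perm:ACCESS_NETWORK_STATE", "perm:VIBRATE"},
    {"perm:INTERNET", "perm:READ_CONTACTS"},
]


def occurrence_rate(apps):
    """Fraction of apps in which each feature appears."""
    counts = Counter(f for app in apps for f in app)
    return {f: n / len(apps) for f, n in counts.items()}


def select_features(malicious, benign, min_gap=0.3, top_k=5):
    """Drop features about equally common in both classes; keep the rest,
    ranked by the gap between their malicious and benign occurrence rates."""
    mal, ben = occurrence_rate(malicious), occurrence_rate(benign)
    gaps = {f: mal.get(f, 0.0) - ben.get(f, 0.0) for f in set(mal) | set(ben)}
    kept = [(f, g) for f, g in gaps.items() if abs(g) >= min_gap]
    # Sort by gap size, then name, so the output is deterministic.
    kept.sort(key=lambda fg: (-abs(fg[1]), fg[0]))
    return kept[:top_k]


def to_vector(app, selected):
    """Binary feature vector for one app over the selected features."""
    return [1 if f in app else 0 for f, _ in selected]


if __name__ == "__main__":
    selected = select_features(MALICIOUS, BENIGN)
    for feature, gap in selected:
        print(f"{feature:32s} {gap:+.2f}")
    print(to_vector(MALICIOUS[0], selected))
```

`perm:INTERNET` and `perm:READ_CONTACTS` appear at the same rate in both constructed classes, so they are filtered out; the surviving features form the binary vectors a classifier would be trained on.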