Presentation Material
Abstract
Looking at the Android applications used in industry from a security perspective, it is well known that the Android platform is susceptible to malicious applications. With the recent trend of vendors and customers going fully mobile, Android has become a major attack surface. The mechanisms used for Android malware detection comprise several known methods, most of which are permission-based or based on API usage. However, these mechanisms are vulnerable to instruction-level obfuscation techniques.
This talk introduces a machine learning approach to Android malware analysis that uses function call graphs and the Hash Graph Kernel (Hido & Kashima) method to find similarities among binaries while remaining resistant to obfuscation. The implementation uses the Support Vector Machine (SVM) algorithm for Android malware classification, embedding the function call graphs through the kernel's explicit feature map. The approach achieves better detection rates with fewer false positives than other methods. Using clean and real malware Android application samples, a classification model is developed in which function call graphs are extracted, a linear-time graph-kernel-based explicit mapping is applied, and the SVM algorithm is trained to differentiate between legitimate and malicious applications.
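The pipeline the abstract describes, as an added toy example that is not code from the talk or its authors: an app is modelled as a function call graph (caller to callees), embedded with a neighborhood-hash feature map in the spirit of the Hido & Kashima hash graph kernel (round 0 hashes the node label, each further round sets h(v) = ROT(h(v)) XOR the XOR of the callees' hashes), and a linear SVM is trained on the explicit feature vectors with a Pegasos subgradient solver. The call graphs, the labelling rule (framework API methods keep their name, app-internal methods collapse to `local`), the crc32-based label hash, the cosine normalisation of the feature map and all function names are assumptions made for this example; the graphs are constructed by hand, not extracted from real APKs.

```python
"""Toy call-graph -> hash-graph-kernel feature map -> linear SVM pipeline.
Added illustration, not the talk's own code; all data below is constructed."""
from collections import Counter
import math
import zlib

BITS = 32
MASK = (1 << BITS) - 1


def label_hash(label):
    """Deterministic 32-bit hash of a node label (crc32, stable across runs)."""
    return zlib.crc32(label.encode()) & MASK


def rot1(x):
    """Rotate a 32-bit value left by one bit (the ROT step of the neighborhood hash)."""
    return ((x << 1) | (x >> (BITS - 1))) & MASK


def node_label(method):
    """Framework API methods keep their name; app-internal methods collapse to
    'local', so renaming them (identifier obfuscation) cannot change the label.
    (Assumed labelling rule for this example.)"""
    return method if method.startswith(("android.", "java.")) else "local"


def feature_map(graph, rounds=1):
    """Explicit feature map of a call graph: histogram of (round, hash) pairs,
    L2-normalised. graph maps caller -> set of callees. Linear in |V| + |E|."""
    nodes = set(graph) | {c for callees in graph.values() for c in callees}
    h = {v: label_hash(node_label(v)) for v in nodes}
    feats = Counter()
    for r in range(rounds + 1):
        for v in nodes:
            feats[(r, h[v])] += 1
        if r < rounds:  # neighborhood hash: ROT(own) XOR each callee's hash
            nxt = {}
            for v in nodes:
                acc = rot1(h[v])
                for u in graph.get(v, ()):
                    acc ^= h[u]
                nxt[v] = acc
            h = nxt
    norm = math.sqrt(sum(c * c for c in feats.values()))
    return {k: c / norm for k, c in feats.items()}


def kernel(f1, f2):
    """Kernel value = inner product of the explicit maps (cosine similarity here)."""
    return sum(v * f2[k] for k, v in f1.items() if k in f2)


def train_svm(samples, lam=0.01, epochs=300):
    """Pegasos primal subgradient linear SVM on sparse feature dicts.
    samples: list of (features, label), label +1 = malware, -1 = benign."""
    w, t = {}, 0
    for _ in range(epochs):
        for x, y in samples:
            t += 1
            eta = 1.0 / (lam * t)
            margin = y * kernel(w, x)
            for k in w:  # regularisation shrink
                w[k] *= 1.0 - eta * lam
            if margin < 1:  # hinge loss active: step towards this sample
                for k, v in x.items():
                    w[k] = w.get(k, 0.0) + eta * y * v
    return w


def predict(w, feats):
    """+1 = malware, -1 = benign."""
    return 1 if kernel(w, feats) > 0 else -1


# Constructed call graphs (caller -> callees); illustrative only.
BENIGN = [
    {"MainActivity.onCreate": {"android.widget.TextView.setText", "NetClient.fetch"},
     "NetClient.fetch": {"java.net.HttpURLConnection.connect"}},
    {"ListActivity.onCreate": {"android.widget.ListView.setAdapter", "Loader.load"},
     "Loader.load": {"java.io.FileInputStream.read"}},
    {"Game.onCreate": {"android.view.SurfaceView.draw", "Game.loop"},
     "Game.loop": {"android.view.SurfaceView.draw"}},
]
MALWARE = [
    {"Svc.onStart": {"Svc.pay"},
     "Svc.pay": {"android.telephony.SmsManager.sendTextMessage",
                 "android.telephony.TelephonyManager.getDeviceId"}},
    {"Rcv.onReceive": {"Rcv.leak"},
     "Rcv.leak": {"android.telephony.TelephonyManager.getDeviceId",
                  "java.net.HttpURLConnection.connect"}},
    {"Boot.onReceive": {"Boot.spam"},
     "Boot.spam": {"android.telephony.SmsManager.sendTextMessage",
                   "android.content.ContentResolver.query"}},
]
# MALWARE[0] with every internal method renamed, as an identifier-renaming
# obfuscator would leave it; the graph structure and API calls are unchanged.
OBFUSCATED = {"a.a": {"a.b"},
              "a.b": {"android.telephony.SmsManager.sendTextMessage",
                      "android.telephony.TelephonyManager.getDeviceId"}}


def demo():
    """Returns (training accuracy, prediction for OBFUSCATED,
    kernel similarity between MALWARE[0] and OBFUSCATED)."""
    samples = [(feature_map(g), -1) for g in BENIGN] + [(feature_map(g), 1) for g in MALWARE]
    w = train_svm(samples)
    acc = sum(predict(w, x) == y for x, y in samples) / len(samples)
    obf = feature_map(OBFUSCATED)
    return acc, predict(w, obf), kernel(feature_map(MALWARE[0]), obf)


if __name__ == "__main__":
    print(demo())
```

The renamed variant produces exactly the same feature vector as the original, so its kernel similarity is 1.0 and the classifier's verdict cannot change: that is the obfuscation resistance the abstract refers to, obtained because the labels come from the resolved framework API calls and the graph structure rather than from method names. The caveat a practitioner should keep in mind is that this toy still depends on the API call being visible in the static call graph; a detector deployed on real APKs would need the call-graph extraction step to handle reflection and dynamically loaded code, which this example does not model.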