Litcius/Paper detail

EntropLyzer: Android Malware Classification and Characterization Using Entropy Analysis of Dynamic Characteristics

David Keyes, Beiqi Li, Gurdip Kaur, Arash Habibi Lashkari, François Gagnon, Frédéric Massicotte

202192 citationsDOI

Abstract

The unmatched threat of Android malware has tremendously increased the need for analyzing prominent malware samples. There are remarkable efforts in static and dynamic malware analysis using static features and API calls respectively. Nonetheless, there is a void to classify Android malware by analyzing its behavior using multiple dynamic characteristics. This paper proposes <i xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">EntropLyzer</i> , an entropy-based behavioral analysis technique for classifying the behavior of 12 eminent Android malware categories and 147 malware families taken from CCCS-CIC-AndMal2020 dataset. This work uses six classes of dynamic characteristics including memory, API, network, logcat, battery, and process to classify and characterize Android malware. Results reveal that the entropy-based analysis successfully determines the behavior of all malware categories and most of the malware families before and after rebooting the emulator.

Topics & Concepts

MalwareAndroid malwareComputer scienceAndroid (operating system)Static analysisMalware analysisEntropy (arrow of time)CryptovirologyMachine learningArtificial intelligenceComputer securityData miningOperating systemProgramming languagePhysicsQuantum mechanicsAdvanced Malware Detection TechniquesNetwork Security and Intrusion DetectionDigital and Cyber Forensics