Idea: Automatic Localization of Malicious Behaviors in Android Malware with Hidden Markov Models

  • Aleieldin SalemEmail author
  • Tabea Schmidt
  • Alexander Pretschner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10953)


The lack of ground truth about malicious behaviors exhibited by current Android malware forces researchers to embark upon a lengthy process of manually analyzing malware instances. In this paper, we propose a method to automatically localize malicious behaviors residing in representations of apps’ runtime behaviors. Our initial evaluation using generated API calls traces of Android apps demonstrates the method’s feasibility and applicability.


  1. 1.
  2. 2.
  3. 3.
    Li, L., Li, D., Bissyande, T.F., Klein, J., Cai, H., Lo, D., Le Traon, Y.: Automatically locating malicious packages in piggybacked android apps. In: Proceedings of the 2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems, MOBILESoft 2017, pp. 170–174 (2017)Google Scholar
  4. 4.
    Li, L., Li, D., Bissyande, T., Klein, J., Le Traon, Y., Lo, D., Cavallaro, L.: Understanding android app piggybacking: a systematic study of malicious code grafting. IEEE Trans. Inf. Forensics Secur. 12, 1269–1284 (2017)CrossRefGoogle Scholar
  5. 5.
    Pan, X., Wang, X., Duan, Y., Wang, X., Yin, H.: Dark hazard: learning-based, large-scale discovery of hidden sensitive operations in android apps. In: Proceedings of Network and Distributed System Security Symposium, NDSS 2017, (2017)Google Scholar
  6. 6.
    Rasthofer, S., Arzt, S., Triller, S., Pradel, M.: Making malory behave maliciously: targeted fuzzing of android execution environments. In: 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017, pp. 300–311 (2017)Google Scholar
  7. 7.
    Wei, F., Li, Y., Roy, S., Ou, X., Zhou, W.: Deep ground truth analysis of current android malware. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 252–276. Springer, Cham (2017). Scholar
  8. 8.
    Wong, W., Stamp, M.: Hunting for metamorphic engines. J. Comput. Virol. 2, 211–229 (2006)CrossRefGoogle Scholar
  9. 9.
    Yang, C., Xu, Z., Gu, G., Yegneswaran, V., Porras, P.: DroidMiner: automated mining and characterization of fine-grained malicious behaviors in android applications. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 163–182. Springer, Cham (2014). Scholar
  10. 10.
    Zheng, M., Sun, M., Lui, J.: Droid analytics: a signature based analytic system to collect, extract, analyze and associate android malware. In: Proceedings of the 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications. TrustCom 2013, pp. 163–171 (2013)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Aleieldin Salem
    • 1
    Email author
  • Tabea Schmidt
    • 1
  • Alexander Pretschner
    • 1
  1. 1.Technische Universität MünchenMunichGermany

Personalised recommendations