An Android Malicious Code Detection Method Based on Improved DCA Algorithm

• Main Authors: Chundong Wang, Zhiyuan Li, Liangyi Gong, Xiuliang Mo, Hong Yang, Yi Zhao
• Format: Article
• Language: English
• Published: MDPI AG 2017-02-01
• Series: Entropy
• Subjects: Android malware; Dalvik disassembly sequence; suspicious API; static detection; DCA; danger theory
• Online Access: http://www.mdpi.com/1099-4300/19/2/65

Recently, Android malicious code has increased dramatically and the technology of reinforcement is increasingly powerful. Due to the development of code obfuscation and polymorphic deformation technology, the current Android malicious code static detection method whose feature selected is the semantic of application source code can not completely extract malware’s code features. The Android malware static detection methods whose features used are only obtained from the AndroidManifest.xml file are easily affected by useless permissions. Therefore, there are some limitations in current Android malware static detection methods. The current Android malware dynamic detection algorithm is mostly required to customize the system or needs system root permissions. Based on the Dendritic Cell Algorithm (DCA), this paper proposes an Android malware algorithm that has a higher detection rate, does not need to modify the system, and reduces the impact of code obfuscation to a certain degree. This algorithm is applied to an Android malware detection method based on oriented Dalvik disassembly sequence and application interface (API) calling sequence. Through the designed experiments, the effectiveness of this method is verified for the detection of Android malware.