A Study of Android Malware Detection Techniques in Virtual Environment

Abstract

With the rapid development of mobile environment, cyber-attacks have become more commonplace and more sophisticated. In smartphone operating system market, in particular, Android platform accounts for a large portion (65% or higher).At the same time, malwares on the Android platform, has increased exponentially. This, such as mobile Internet Service Provider(ISP) operator and device manufacturers, have applied an anti-virus product. However, there exhibit a high false-positive rate to detect malwares because these are based on patterns or heuristic.To solve this problem, this study proposed and implemented Android malware detection techniques in virtual environment, using single physical machine. The proposed system is divided into a host system and virtual environment. The former features black market crawler designed to collect malware, hypervisor targeted for the communication and control of virtual machine and host machine and main module which transmits analysis file & result log to each system.In virtual environment, agent and emulator were implemented to analyze malware-suspicious application.This study implemented more active and faster Android malware detection techniques through black market crawling and Linux kernel-hooking mechanism.