CatraDroid: A Call Trace Driven Detection of Malicious Behaiviors in Android Applications

2019 
The explosive growth of Android malware has led to a strong interest in developing efficient and precise malware detection approaches. Recent efforts have shown that machine learning-based malware classification is a promising direction, and the API-level features are extremely representative to discriminate malware and have been drastically used in different forms. In this work, we implement a light-weight classification system, CatraDroid, that recovers the semantics at call graph level to classify applications. CatraDroid leverages a text mining technique to capture a list of sensitive APIs from the knowledge consisting of exploit databases, code samples, and configurations of codebases. It builds a complete call graph for Android applications and identifies call traces from entry methods to sensitive API calls. Using call traces as features, our classification approach can effectively discriminate Android malware from benign applications. Through the evaluation, we demonstrated that our approach outperforms the state-of-the-art API-level detection approach, with high-quality features extracted by efficient static analysis.