{"data":{"id":"10.48550/arxiv.1711.05731","type":"dois","attributes":{"doi":"10.48550/arxiv.1711.05731","prefix":"10.48550","suffix":"arxiv.1711.05731","identifiers":[{"identifier":"1711.05731","identifierType":"arXiv"}],"alternateIdentifiers":[{"alternateIdentifierType":"arXiv","alternateIdentifier":"1711.05731"}],"creators":[{"name":"Salehi, Majid","nameType":"Personal","givenName":"Majid","familyName":"Salehi","affiliation":[],"nameIdentifiers":[]},{"name":"Amini, Morteza","nameType":"Personal","givenName":"Morteza","familyName":"Amini","affiliation":[],"nameIdentifiers":[]}],"titles":[{"title":"Android Malware Detection using Markov Chain Model of Application Behaviors in Requesting System Services"}],"publisher":"arXiv","container":{},"publicationYear":2017,"subjects":[{"lang":"en","subject":"Cryptography and Security (cs.CR)","subjectScheme":"arXiv"},{"subject":"FOS: Computer and information sciences","subjectScheme":"Fields of Science and Technology (FOS)"},{"subject":"FOS: Computer and information sciences","schemeUri":"http://www.oecd.org/science/inno/38235147.pdf","subjectScheme":"Fields of Science and Technology (FOS)"}],"contributors":[],"dates":[{"date":"2017-11-15T18:58:21Z","dateType":"Submitted","dateInformation":"v1"},{"date":"2017-11-16T01:11:37Z","dateType":"Updated","dateInformation":"v1"},{"date":"2017-11","dateType":"Available","dateInformation":"v1"},{"date":"2017","dateType":"Issued"}],"language":null,"types":{"ris":"GEN","bibtex":"misc","citeproc":"article","schemaOrg":"CreativeWork","resourceType":"Article","resourceTypeGeneral":"Preprint"},"relatedIdentifiers":[],"relatedItems":[],"sizes":[],"formats":[],"version":"1","rightsList":[{"rights":"arXiv.org perpetual, non-exclusive license","rightsUri":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/"}],"descriptions":[{"description":"Widespread growth in Android malwares stimulates security researchers to propose different methods for analyzing and detecting malicious behaviors in applications. Nevertheless, current solutions are ill-suited to extract the fine-grained behavior of Android applications accurately and efficiently. In this paper, we propose ServiceMonitor, a lightweight host-based detection system that dynamically detects malicious applications directly on mobile devices. ServiceMonitor reconstructs the fine-grained behavior of applications based on a novel systematic system service use analysis technique. Using proposed system service use perspective enables us to build a statistical Markov chain model to represent what and how system services are used to access system resources. Afterwards, we consider built Markov chain in the form of a feature vector and use it to classify the application behavior into either malicious or benign using Random Forests classification algorithm. ServiceMonitor outperforms current host-based solutions with evaluating it against 4034 malwares and 10024 benign applications and obtaining 96\\% of accuracy rate and negligible overhead and performance penalty.","descriptionType":"Abstract"},{"description":"SUBMITTED TO THE IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY","descriptionType":"Other"}],"geoLocations":[],"fundingReferences":[],"xml":"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPHJlc291cmNlIHhtbG5zPSJodHRwOi8vZGF0YWNpdGUub3JnL3NjaGVtYS9rZXJuZWwtNCIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnNjaGVtYUxvY2F0aW9uPSJodHRwOi8vZGF0YWNpdGUub3JnL3NjaGVtYS9rZXJuZWwtNCBodHRwOi8vc2NoZW1hLmRhdGFjaXRlLm9yZy9tZXRhL2tlcm5lbC00LjMvbWV0YWRhdGEueHNkIj4KICA8aWRlbnRpZmllciBpZGVudGlmaWVyVHlwZT0iRE9JIj4xMC40ODU1MC9BUlhJVi4xNzExLjA1NzMxPC9pZGVudGlmaWVyPgogIDxhbHRlcm5hdGVJZGVudGlmaWVycz4KICAgIDxhbHRlcm5hdGVJZGVudGlmaWVyIGFsdGVybmF0ZUlkZW50aWZpZXJUeXBlPSJhclhpdiI+MTcxMS4wNTczMTwvYWx0ZXJuYXRlSWRlbnRpZmllcj4KICA8L2FsdGVybmF0ZUlkZW50aWZpZXJzPgogIDxjcmVhdG9ycz4KICAgIDxjcmVhdG9yPgogICAgICA8Y3JlYXRvck5hbWUgbmFtZVR5cGU9IlBlcnNvbmFsIj5TYWxlaGksIE1hamlkPC9jcmVhdG9yTmFtZT4KICAgICAgPGdpdmVuTmFtZT5NYWppZDwvZ2l2ZW5OYW1lPgogICAgICA8ZmFtaWx5TmFtZT5TYWxlaGk8L2ZhbWlseU5hbWU+CiAgICA8L2NyZWF0b3I+CiAgICA8Y3JlYXRvcj4KICAgICAgPGNyZWF0b3JOYW1lIG5hbWVUeXBlPSJQZXJzb25hbCI+QW1pbmksIE1vcnRlemE8L2NyZWF0b3JOYW1lPgogICAgICA8Z2l2ZW5OYW1lPk1vcnRlemE8L2dpdmVuTmFtZT4KICAgICAgPGZhbWlseU5hbWU+QW1pbmk8L2ZhbWlseU5hbWU+CiAgICA8L2NyZWF0b3I+CiAgPC9jcmVhdG9ycz4KICA8dGl0bGVzPgogICAgPHRpdGxlPkFuZHJvaWQgTWFsd2FyZSBEZXRlY3Rpb24gdXNpbmcgTWFya292IENoYWluIE1vZGVsIG9mIEFwcGxpY2F0aW9uIEJlaGF2aW9ycyBpbiBSZXF1ZXN0aW5nIFN5c3RlbSBTZXJ2aWNlczwvdGl0bGU+CiAgPC90aXRsZXM+CiAgPHB1Ymxpc2hlcj5hclhpdjwvcHVibGlzaGVyPgogIDxwdWJsaWNhdGlvblllYXI+MjAxNzwvcHVibGljYXRpb25ZZWFyPgogIDxzdWJqZWN0cz4KICAgIDxzdWJqZWN0IHhtbDpsYW5nPSJlbiIgc3ViamVjdFNjaGVtZT0iYXJYaXYiPkNyeXB0b2dyYXBoeSBhbmQgU2VjdXJpdHkgKGNzLkNSKTwvc3ViamVjdD4KICAgIDxzdWJqZWN0IHN1YmplY3RTY2hlbWU9IkZpZWxkcyBvZiBTY2llbmNlIGFuZCBUZWNobm9sb2d5IChGT1MpIj5GT1M6IENvbXB1dGVyIGFuZCBpbmZvcm1hdGlvbiBzY2llbmNlczwvc3ViamVjdD4KICA8L3N1YmplY3RzPgogIDxkYXRlcz4KICAgIDxkYXRlIGRhdGVUeXBlPSJTdWJtaXR0ZWQiIGRhdGVJbmZvcm1hdGlvbj0idjEiPjIwMTctMTEtMTVUMTg6NTg6MjFaPC9kYXRlPgogICAgPGRhdGUgZGF0ZVR5cGU9IlVwZGF0ZWQiIGRhdGVJbmZvcm1hdGlvbj0idjEiPjIwMTctMTEtMTZUMDE6MTE6MzdaPC9kYXRlPgogICAgPGRhdGUgZGF0ZVR5cGU9IkF2YWlsYWJsZSIgZGF0ZUluZm9ybWF0aW9uPSJ2MSI+MjAxNy0xMTwvZGF0ZT4KICA8L2RhdGVzPgogIDxyZXNvdXJjZVR5cGUgcmVzb3VyY2VUeXBlR2VuZXJhbD0iUHJlcHJpbnQiPkFydGljbGU8L3Jlc291cmNlVHlwZT4KICA8dmVyc2lvbj4xPC92ZXJzaW9uPgogIDxyaWdodHNMaXN0PgogICAgPHJpZ2h0cyByaWdodHNVUkk9Imh0dHA6Ly9hcnhpdi5vcmcvbGljZW5zZXMvbm9uZXhjbHVzaXZlLWRpc3RyaWIvMS4wLyI+YXJYaXYub3JnIHBlcnBldHVhbCwgbm9uLWV4Y2x1c2l2ZSBsaWNlbnNlPC9yaWdodHM+CiAgPC9yaWdodHNMaXN0PgogIDxkZXNjcmlwdGlvbnM+CiAgICA8ZGVzY3JpcHRpb24gZGVzY3JpcHRpb25UeXBlPSJBYnN0cmFjdCI+V2lkZXNwcmVhZCBncm93dGggaW4gQW5kcm9pZCBtYWx3YXJlcyBzdGltdWxhdGVzIHNlY3VyaXR5IHJlc2VhcmNoZXJzIHRvIHByb3Bvc2UgZGlmZmVyZW50IG1ldGhvZHMgZm9yIGFuYWx5emluZyBhbmQgZGV0ZWN0aW5nIG1hbGljaW91cyBiZWhhdmlvcnMgaW4gYXBwbGljYXRpb25zLiBOZXZlcnRoZWxlc3MsIGN1cnJlbnQgc29sdXRpb25zIGFyZSBpbGwtc3VpdGVkIHRvIGV4dHJhY3QgdGhlIGZpbmUtZ3JhaW5lZCBiZWhhdmlvciBvZiBBbmRyb2lkIGFwcGxpY2F0aW9ucyBhY2N1cmF0ZWx5IGFuZCBlZmZpY2llbnRseS4gSW4gdGhpcyBwYXBlciwgd2UgcHJvcG9zZSBTZXJ2aWNlTW9uaXRvciwgYSBsaWdodHdlaWdodCBob3N0LWJhc2VkIGRldGVjdGlvbiBzeXN0ZW0gdGhhdCBkeW5hbWljYWxseSBkZXRlY3RzIG1hbGljaW91cyBhcHBsaWNhdGlvbnMgZGlyZWN0bHkgb24gbW9iaWxlIGRldmljZXMuIFNlcnZpY2VNb25pdG9yIHJlY29uc3RydWN0cyB0aGUgZmluZS1ncmFpbmVkIGJlaGF2aW9yIG9mIGFwcGxpY2F0aW9ucyBiYXNlZCBvbiBhIG5vdmVsIHN5c3RlbWF0aWMgc3lzdGVtIHNlcnZpY2UgdXNlIGFuYWx5c2lzIHRlY2huaXF1ZS4gVXNpbmcgcHJvcG9zZWQgc3lzdGVtIHNlcnZpY2UgdXNlIHBlcnNwZWN0aXZlIGVuYWJsZXMgdXMgdG8gYnVpbGQgYSBzdGF0aXN0aWNhbCBNYXJrb3YgY2hhaW4gbW9kZWwgdG8gcmVwcmVzZW50IHdoYXQgYW5kIGhvdyBzeXN0ZW0gc2VydmljZXMgYXJlIHVzZWQgdG8gYWNjZXNzIHN5c3RlbSByZXNvdXJjZXMuIEFmdGVyd2FyZHMsIHdlIGNvbnNpZGVyIGJ1aWx0IE1hcmtvdiBjaGFpbiBpbiB0aGUgZm9ybSBvZiBhIGZlYXR1cmUgdmVjdG9yIGFuZCB1c2UgaXQgdG8gY2xhc3NpZnkgdGhlIGFwcGxpY2F0aW9uIGJlaGF2aW9yIGludG8gZWl0aGVyIG1hbGljaW91cyBvciBiZW5pZ24gdXNpbmcgUmFuZG9tIEZvcmVzdHMgY2xhc3NpZmljYXRpb24gYWxnb3JpdGhtLiBTZXJ2aWNlTW9uaXRvciBvdXRwZXJmb3JtcyBjdXJyZW50IGhvc3QtYmFzZWQgc29sdXRpb25zIHdpdGggZXZhbHVhdGluZyBpdCBhZ2FpbnN0IDQwMzQgbWFsd2FyZXMgYW5kIDEwMDI0IGJlbmlnbiBhcHBsaWNhdGlvbnMgYW5kIG9idGFpbmluZyA5NlwlIG9mIGFjY3VyYWN5IHJhdGUgYW5kIG5lZ2xpZ2libGUgb3ZlcmhlYWQgYW5kIHBlcmZvcm1hbmNlIHBlbmFsdHkuPC9kZXNjcmlwdGlvbj4KICAgIDxkZXNjcmlwdGlvbiBkZXNjcmlwdGlvblR5cGU9Ik90aGVyIj5TVUJNSVRURUQgVE8gVEhFIElFRUUgVFJBTlNBQ1RJT05TIE9OIElORk9STUFUSU9OIEZPUkVOU0lDUyBBTkQgU0VDVVJJVFk8L2Rlc2NyaXB0aW9uPgogIDwvZGVzY3JpcHRpb25zPgo8L3Jlc291cmNlPg==","url":"https://arxiv.org/abs/1711.05731","contentUrl":null,"metadataVersion":0,"schemaVersion":"http://datacite.org/schema/kernel-4","source":"mds","isActive":true,"state":"findable","reason":null,"viewCount":0,"viewsOverTime":[],"downloadCount":0,"downloadsOverTime":[],"referenceCount":0,"citationCount":0,"citationsOverTime":[],"partCount":0,"partOfCount":0,"versionCount":0,"versionOfCount":0,"created":"2022-03-03T18:09:57.000Z","registered":"2022-03-03T18:09:58.000Z","published":"2017","updated":"2022-03-03T18:09:58.000Z"},"relationships":{"client":{"data":{"id":"arxiv.content","type":"clients"}},"provider":{"data":{"id":"arxiv","type":"providers"}},"media":{"data":{"id":"10.48550/arxiv.1711.05731","type":"media"}},"references":{"data":[]},"citations":{"data":[]},"parts":{"data":[]},"partOf":{"data":[]},"versions":{"data":[]},"versionOf":{"data":[]}}}}