DroidPortrait: Android Malware Portrait Construction Based on Multidimensional Behavior Analysis

Recently, security incidents such as sensitive data leakage and video/audio hardware control caused by Android malware have raised severe security issues that threaten Android users, so thus behavior analysis and detection research researches of malicious Android applications have become a hot topic. However, the behavioral portrait of Android malware that can depict the behavior of Android malware is not approached in previous literature. To fill this gap, we propose DroidPortrait, an Android malware multi-dimensional behavioral portrait construction approach. We take the behavior of Android malware as an entry point and extract an informative behavior dataset that includes static and dynamic behavior from Android malware. Next, aiming at Android malware that contains different kinds of behaviors, a behavioral tag is defined then combined with a machine learning (ML) algorithm to implement the correlation of these behavioral tags. Android malware behavioral portrait architecture based on behavior analysis and its design is investigated, as also an optimized random forest algorithm is conceived then combined with Android malware behavioral portrait to detect Android malware. The evaluation findings indicate the DroidPortrait can depict behavioral characteristics of Android malware comprehensive and detect them with high performance.