Behavioral classification of Android applications using system calls

The exponential growth in the number of Android applications on the market has been matching with a corresponding growth in malicious application. Of particular concern is the risk of application repackaging, a process by which cybercriminals downloads, modifies and republishes an application that already exists on the store with the addition of malicious code. Dynamic detection in system call traces, based on machine learning models has emerged as a promising solution. In this paper, we introduce a novel abstraction process, and demonstrate that it improves the classification process by replicating multiples malware detection techniques from the literature. We further propose a novel classification method, based on our observation that malware triggers specific system calls at different points than benign programs. We further make our dataset available for future researchers.