Total views : 3093

System Call Analysis of Android Malware Families


  • School of Engineering and Technology, Ansal University, Gurgaon – 122003, Haryana, India


Background/Objectives: Now a days, Android Malware is coded so wisely that it has become very difficult to detect them. The static analysis of malicious code is not enough for detection of malware as this malware hides its method call in encrypted form or it can install the method at runtime. The system call tracing is an effective dynamic analysis technique for detecting malware as it can analyze the malware at the run time. Moreover, this technique does not require the application code for malware detection. Thus, this can detect that android malware also which are difficult to detect with static analysis of code. As Android was launched in 2008, so there were fewer studies available regarding the behavior of Android Malware Families and their characteristics. The aim of this work is to explore the behavior of 10 popular Android Malware Families focused on System Call Pattern of these families. Methods/Statistical Analysis: For this purpose, the authors have extracted the system call trace of 345 malicious applications from 10 Android Malware Families named FakeInstaller, Opfake, Plankton, DroidKungFu, BaseBridge, Iconosys, Kmin, Adrd and Gappusin using strace android tool and compared it with the system calls pattern of 300 Benign Applications to justify the behavior of malicious application. Findings: During the experiment, it is observed that the malicious applications invoke some system calls more frequently than benign applications. Different Android malware invokes the different set of system calls with different frequency. Applications/Improvements: This analysis can prove helpful in designing intrusion-detection systems for an android mobile device with more accuracy.


Android Kernal, Android Malware Installation Methods, Malware Families, System Call Analysis.

Full Text:

 |  (PDF views: 1325)


  • Kang H, Cho J, Kim H. Application study on android application prototyping method using App inventor. Indian Journal of Science and Technology. 2015 Aug; 8(18):1–5. DOI: 10.17485/ijst/2015/v8i18/75919.
  • Jerlin MA, Jayakumar C. A dynamic malware analysis for windows platform - a survey. Indian Journal of Science and Technology. 2015 Oct; 8(27):1–5. DOI: 10.17485/ijst/2015/ v8i27/81172.
  • Schmidt AD, Schmidt HG, Clausen J, Yuksel KA, Kiraz O, Camtepe A, Albayrak S. Enhancing security of Linux-based android devices. Proceedings of 15th International Linux Kongress; 2008. p. 1–16.
  • Kolbitsch C, Comparetti PM, Kruegel C, Kirda E, Zhou X, Wang XF. Effective and efficient malware detection at the end host. Proceedings of the 18th conference on USENIX security Symposium; 2009. p. 351–98.
  • Wang X, Jhi V, Zhu S, Liu P. Detecting software theft via system call based birthmarks. Proceedings of the Computer Security Applications Conference; 2009. p. 149–58.
  • Lanzi A, Balzarotti D, Kruegel C, Christodorescu M, Kirda E. Accessminer: using system-centric models for malware protection. Proceedings of the 17th ACM conference on Computer and Communications Security; 2010. p. 399–12.
  • Isohara T, Takemori K, Kubota A. Kernel-based behavior analysis for android malware detection. Proceedings of Seventh International Conference on Computational Intelligence and Security(CIS), Hainan; 2011. p. 1011–15.
  • Reina A, Fattori A, Cavallaro L. A system call-centric analysis and stimulation technique to automatically reconstruct android malware behaviors. Proceedings of Euro Sec’13; 2013. p. 1–6.
  • Tchakounte F, Dayang P. System calls analysis of malware on android. International Journal of Science and Technology. 2013; 2(9):1–6.
  • Canfora G, Mercaldo F, Visaggio CA. A classifier of malicious android applications. Proceedings of the 2nd International Workshop on Security of Mobile Applications, in conjunction with the International Conference on Availability, Reliability and Security, (ARES), Regensburg; 2013. p. 607–14.
  • Canfora G, Medvet E, Mercaldo F, Visaggio CA. Detection of malicious web pages using system calls sequences. Proceedings of the 4th International Workshop on Security and Cognitive Informatics for Homeland Defense (SeCIHD 2014); 2014. p. 226–38.
  • Jeong Y, Lee H, Cho S, Han S, Park M. A kernel-based monitoring approach for analyzing malicious behavior on android. Proceedings of the 29th Annual ACM Symposium on Applied Computing; 2014. p. 1737–38.
  • Ahmad DM, Javed P. Security comparison of android and IOS and implementation of User Approved Security (UAS) for Android. Indian Journal of Science and Technology. 2016 Apr; 9(14):1–7. DOI: 10.17485/ijst/2016/v9i14/87071.
  • Jeyaseelan WRS, Hariharan S. Malware detection and elimination using Bayesian technique and nymble algorithm. Indian Journal of Science and Technology. 2015 Dec; 8(34):1–7. DOI: 10.17485/ijst/2015/v8i34/85244.
  • Sathish V, Khader PSA. Deployment of proposed botnet monitoring platform using online malware analysis for distributed environment. Indian Journal of Science and Technology. 2014 Jan; 7(8):1087–1093. DOI: 10.17485/ ijst/2014/v7i8/48583.
  • Zhou Y, Jiang X. Dissecting android malware: characterization and evolution. Proceeding of IEEE Symposium on Security and Privacy, San Francisco: CA; 2012. p. 95–109.
  • Arp D, Spreitzenbarth M, Malte H, Gascon H, Rieck K. Drebin: effective and explainable detection of android malware in your pocket. Symposium of Network Distribution System and Security; 2014. p. 23–6.
  • Kang H, Jang J-W, Mohaisen A, Kim HK. Detecting and classifying android malware using static analysis along with creator information. International Journal of Distributed Sensor Networks-Special issue on Advanced Big Data Management and Analytics for Ubiquitous Sensors; 2015. p. 7.
  • Grace M, Zhou Y, Zhang Q, Zou S, Jiang X. Risk ranker: scalable and accurate zero-day android malware detection categories and subject descriptors. Proceeding of 10th International Conference Mobile System Application Services; 2011. p. 281–94.


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.