Android, the most popular mobile OS, has around 78% of market share. Due to its popularity, it attracts many malware attacks. In fact, people have discovered one million new samples per quarter, and was reported that over 98% these are in fact "derivatives" (or variants) from existing families. this paper, we first show runtime behaviors malware's core functionalities similar within a family. Hence, propose framework combine "runtime behavior" with "static structures" detect variants. We present design implementation MONET, which client backend server module. The module is lightweight, in-device app for behavior monitoring signature generation, realize using two novel interception techniques. responsible large scale detection. collect 3723 top 500 benign apps carry out extensive experiments detecting variants defending against transformation. Our MONET can achieve 99% accuracy Furthermore, defend 10 different obfuscation transformation techniques, while only incurs 7% performance overhead about 3% battery overhead. More importantly, will automatically alert users intrusion details so prevent further malicious behaviors.

Load

Load