DroidMalHunter: A novel entropy-based anomaly detection system to detect malicious Android applications

2015 5th International Conference on Computer and Knowledge Engineering (ICCKE) (2015)

Abstract
Along with the significant increase in the popularity of Android mobile devices, the number of malicious applications running on them has also increased dramatically in the recent past. In this paper, we propose DroidMalHunter, a novel entropy-based anomaly detection system to detect meaningful deviations in the network behavior of Android applications. Our system is based on the observation that there is often low complexity in the traffic patterns of malicious applications, resulting in a high regularity in their observed network behavior that can be quantified by entropy measures. Exploiting this observation, we investigate the use of two popular entropy measures, namely sample entropy and modified sample entropy, in detecting malicious Android applications. The results of our experiments conducted on a real dataset of benign and malicious Android applications show that DroidMalHunter can achieve a high detection rate and an acceptable false alarm rate.
Keywords
Android application, anomaly detection, network behavior, sample entropy, modified sample entropy
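The regularity argument in the abstract can be seen with a standard sample entropy calculation. This is an added example, not code from the DroidMalHunter paper. It assumes the measured series is an application's inter-packet gap in seconds and uses the common defaults m = 2 and r = 0.2 × standard deviation, neither of which is stated in the abstract; modified sample entropy is not shown.

```python
import math
import random
import statistics

def sample_entropy(series, m=2, r_factor=0.2):
    """SampEn(m, r) = -ln(A / B); lower values mean more regular traffic."""
    n = len(series)
    if n <= m + 1:
        raise ValueError("series too short for embedding dimension m")
    r = r_factor * statistics.pstdev(series)  # tolerance (assumed default)

    def matches(length):
        # Count template pairs (i < j) within Chebyshev distance r.
        # Both lengths use the same n - m start positions; self-matches excluded.
        count = 0
        for i in range(n - m):
            for j in range(i + 1, n - m):
                if all(abs(series[i + k] - series[j + k]) <= r
                       for k in range(length)):
                    count += 1
        return count

    b = matches(m)        # matching pairs of length-m templates
    a = matches(m + 1)    # pairs that still match one sample later
    if a == 0 or b == 0:
        return math.inf   # no repeated patterns at this tolerance
    return math.log(b / a)  # identical to -ln(A / B)

def constructed_beacon(n=198, seed=7):
    # Constructed data: a 30 s / 30 s / 60 s check-in cycle with +/-0.5 s jitter.
    rng = random.Random(seed)
    return [(30.0, 30.0, 60.0)[i % 3] + rng.uniform(-0.5, 0.5) for i in range(n)]

def constructed_irregular(n=198, seed=7):
    # Constructed data: gaps with no repeating structure.
    rng = random.Random(seed)
    return [rng.uniform(0.1, 60.0) for _ in range(n)]

if __name__ == "__main__":
    print("beacon   :", sample_entropy(constructed_beacon()))
    print("irregular:", sample_entropy(constructed_irregular()))
```

The jittered beacon still scores zero because the jitter stays inside the tolerance r, which is why a tolerance-based measure is harder to evade with small timing noise than an exact-match one.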