DDefender: Android application threat detection using static and dynamic analysis

Android is the most widespread mobile operating system in the world. Due to its popularity, malware has been increasing every year steadily, which causes lots of problems to users, such as using the device's resources and transmitting private information without user's awareness. As malware has increased, anti-malware solutions have as well. Current anti-malware solutions often have very serious limitations and malware is becoming more apt to take advantage of them. In this paper, we present DDefender, a user-friendly application that detects Android malicious applications on device. DDefender is a comprehensive solution that utilizes static and dynamic analysis techniques to extract features from the user's device, then applies deep learning algorithm to detect malicious applications. At first, we use dynamic analysis to extract system calls, system information, network traffics, and requested permissions of an inspected application. Then we use static analysis to extract significant features from the inspected application such as application's components. By utilizing neural network and a large feature set of 1007 features, we evaluated our system with 4208 applications (2104 benign applications and 2104 malicious applications) and we achieved up to 95% accuracy.