TraceDroid: Detecting Android Malware by Trace of Privacy Leakage.

Along with the popularity of the Android operating system, 98% of mobile malware targets Android devices [1], which has become one of the primary source for privacy leakage. Detecting malicious network transmissions in these apps is challenging because the malware hides its behavior and masquerades as benign software to evade detection. In this work, we propose TraceDroid, a framework that can automatically trace abnormally sensitive network transmissions to detect the malware. By leveraging the static and dynamic analysis, the sensitive informations can be firstly inferred from the call graph, and then, the sensitive transmissions can be detected by analyzing the network traffic per transfer and sensitive information with a machine learning classifier. We validate TraceDroid on 1444 malware and 700 benign applications. And our experiments show that TraceDroid can detect 3433 sensitive connections across 2144 apps with an accuracy of 94%.