¹Add-on IT Security, Corporate Technology, Siemens Ltd., China, Wangjing Zhonghuan Nanlu, Chao yang District, P.O.Box 8543, Beijing, 100102, China
²State key laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China

---

Abstract—More and more mobile malware appears on mobile internet and pose great threat to mobile users. It is difficult for traditional signature-based anti-malware system to detect the polymorphic and metamorphic mobile malware. A mobile malware behavior analysis method based on behavior classification and self-learning data mining is proposed to detect the malicious network behavior of the unknown or metamorphic mobile malware. A network behavior classification module is used to divide the network behavior data of mobile malware into different categories according to the behavior characteristic in the training and detection phase. Three types of network behavior data of mobile malware and normal network access are employed to train the different Naïve Bayesian classifier respectively. Those classifiers are used to analyze the corresponding type of network behavior to detect the new or metamorphic mobile malware. An incremental selflearning method is adopted to gradually optimize those Naïve Bayesian Classifiers for different behavior. The simulation results showed that those Naïve Bayesian Classifiers based on behavior classification have better accuracy rate of analysis on mobile malware network behavior. Performance simulation results showed that the network behavior analysis system based on the proposed method can analyze the mobile malware on mobile internet in real time.

Index Terms—mobile internet, mobile malware, data mining, behavior classification

[PDF]

Cite: Dai-Fei Guo, Ai-Fen Sui, Yi-Jie Shi, Jian-Jun Hu, Guan-Zhou Lin, and Tao Guo, "Behavior Classification based Self-learning Mobile Malware Detection," Journal of Computers vol. 9, no. 4, pp. 851-858, 2014.