Static and Dynamic Analysis of Android Malware

Ankita Kapratwar, Fabio Di Troia, Mark Stamp


Static analysis relies on features extracted without executing code, while dynamic analysis extracts features based on execution (or emulation). In general, static analysis is more efficient, while dynamic analysis can be more informative, particularly in cases where the code is obfuscated. Static analysis of an Android application can, for example, rely on features extracted from the manifest file or the Java bytecode, while dynamic analysis of such applications might deal with features involving dynamic code loading and system calls. In this research, we apply machine learning techniques to analyze the relative effectiveness of particular static and dynamic features for detecting Android malware. We also carefully analyze the robustness of the scoring techniques under consideration.


  1. Abah, J., e. a. (2015). A machine learning approach to anomaly-based detection on android platforms. International Journal of Network Security and Its Applications, 7(6):15-35.
  2. Afonso, V., M. e. a. (2015). Identifying android malware using dynamically obtained features. Journal of Computer Virology and Hacking Techniques, 11(1):9- 17.
  3. Arp, D., e. a. (2014). Drebin: Efficient and explainable detection of android malware in your pocket. 21th Annual Network and Distributed System Security Symposium (NDSS).
  4. Aung, Z., e. a. (2013). Permission-based android malware detection. International Journal of Scientific Technology Research, Volume 2, Issue 3.
  5. Breiman, L., e. a. (2013). Random forests. Burguera, I., e. a. (2011). Crowdroid: behavior-based malware detection system for android. Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp.15-26.
  6. Dimjasevic, M., e. a. (2015). Evaluation of android malware detection based on system calls.
  7. Enck, W., e. a. (2014). Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems, 32(2):1-29.
  8. Feng, Y., e. a. (2014). Apposcopy: semantics-based detection of android malware through static analysis. Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, 576-587.
  9. Fuchs, P., e. a. (2009). Scandroid: Automated security certification of android applications. Technical Report CSTR-4991, Department of Computer Science, University of Maryland,College Park.
  10. Guptil, B. (2013). Examining application components to reveal android malware.
  11. Hand, J., e. a. (2001). A simple generalisation of the area under the roc curve for multiple class classification problems, 45(2):171-186.
  12. Ruggieri, S. (2000). Efficient c4.5.
  13. Saudi, M., e. a. (2015). Android mobile malware surveillance exploitation via call logs: Proof of concept. 17th UKSIM-AMSS International Conference on Modelling and Simulation, pp. 176-181.
  14. Shalizi, C. (2016). Logistic regression. Advanced Data Analysis from an Elementary Point of View, Chapter 12.
  15. Spreitzenbarth, M., e. a. (2014). Mobile-sandbox: combining static and dynamic analysis with machinelearning techniques. International Journal of Information Security, 14(2):141-153.
  16. Tamada, H., e. a. (2007). Design and evaluation of dynamic software birthmarks based on api calls. Nara Institute of Science and Technology, Technical Report.
  17. Vemparala, S. (2016). Malware detection using dynamic birthmarks. 2nd International Workshop on Security & Privacy Analytics (IWSPA 2016), co-located with ACM CODASPY 2016, March 9-11.
  18. Wang, X., e. a. (2009). Detecting software theft via system call based birthmarks. Proceedings of 25th Annual Computer Security Applications Conference.
  19. Zhou, Y., e. a. (2012a). Detecting malicious apps in official and alternative android markets. Proceedings of the Second ACM Conference on Data and Application Security and Privacy.
  20. Zhou, Y., e. a. (2012b). Dissecting android malware: Characterization and evolution. Proceedings of the 33rd IEEE Symposium on Security and Privacy, 95- 109.

Paper Citation

in Harvard Style

Kapratwar A., Di Troia F. and Stamp M. (2017). Static and Dynamic Analysis of Android Malware . In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ForSE, (ICISSP 2017) ISBN 978-989-758-209-7, pages 653-662. DOI: 10.5220/0006256706530662

in Bibtex Style

author={Ankita Kapratwar and Fabio Di Troia and Mark Stamp},
title={Static and Dynamic Analysis of Android Malware},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ForSE, (ICISSP 2017)},

in EndNote Style

JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ForSE, (ICISSP 2017)
TI - Static and Dynamic Analysis of Android Malware
SN - 978-989-758-209-7
AU - Kapratwar A.
AU - Di Troia F.
AU - Stamp M.
PY - 2017
SP - 653
EP - 662
DO - 10.5220/0006256706530662