Publication | Closed Access
Malware detection in Android by network traffic analysis
Year: 2015 | Citations: 48 | References: 3 | Venue: Unknown

Hardware Security, Syscall Tracing, Mobile Security, Internet Traffic Analysis, Engineering, Evasion Technique, Program Analysis, Information Security, Information Forensics, Mobile Malware, Botnet Detection, Mobile Computing, Computer Science, Malware Detection, Software Analysis, Malware Analysis, Behavioral Analysis Method

A common behavior of mobile malware is transferring sensitive information of the cell phone user to malicious remote servers. In this paper, we describe and demonstrate in full detail a method for detecting malware based on this behavior. For this, we first create an App-URL table that logs all attempts made by all applications to communicate with remote servers. Each entry in this log preserves the application id and the URI that the application contacted. From this log, with the help of a reliable and comprehensive domain blacklist, we can detect rogue applications that communicate with malicious domains. We further propose a behavioral analysis method using syscall tracing. Our work can be integrated with behavioral analysis to build an intelligent malware detection model.
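The App-URL lookup described in the abstract can be sketched as follows. This is an added example, not code from the paper: the log layout, application ids, URIs and blacklist entries are all constructed, and the label-wise suffix match against parent domains is an assumption about how a domain blacklist would be applied.

```python
from urllib.parse import urlsplit

# Constructed App-URL entries: (application id, URI contacted).
# The paper does not give its table format; this layout is an assumption.
APP_URL_LOG = [
    ("com.example.notes", "https://sync.example.org/api/v1/notes"),
    ("com.example.flashlight", "http://cdn.tracker-bad.example/upload?id=0000"),
    ("com.example.flashlight", "https://ads.example.net/banner.png"),
    ("com.example.game", "HTTP://Exfil.Malicious.Example.:8080/report"),
    ("com.example.game", "not a uri"),
]

# Constructed blacklist of registered domains (placeholders, not real indicators).
BLACKLIST = {"tracker-bad.example", "malicious.example"}


def host_of(uri):
    """Return the lower-cased host of a URI without port or trailing dot, or None."""
    try:
        host = urlsplit(uri).hostname
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None
    return host.rstrip(".").lower() if host else None


def is_blacklisted(host, blacklist):
    """Match the host or any parent domain, label by label.

    Comparing whole labels keeps 'nottracker-bad.example' from matching
    'tracker-bad.example', which a plain string suffix test would allow.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in blacklist for i in range(len(labels)))


def flag_apps(log, blacklist):
    """Map each application id to the blacklisted hosts it contacted."""
    flagged = {}
    for app_id, uri in log:
        host = host_of(uri)
        if host and is_blacklisted(host, blacklist):
            flagged.setdefault(app_id, set()).add(host)
    return flagged


if __name__ == "__main__":
    for app, hosts in sorted(flag_apps(APP_URL_LOG, BLACKLIST).items()):
        print(app, sorted(hosts))
```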