Android Malicious Application Detection Based on Ontology Technology Integrated with Permissions and System Calls

Abstract

In this paper, for sharing the security knowledge of smart phone applications and detecting the malicious applications, one new method was put forward based on ontology technology which considered permissions and system calls information with JESS inference engine. In order to get final feature information list and define SWRL rules, this paper extracted and analyzed permissions and system calls information which were significant and representative ones. The constructed application ontology referred to application domain knowledge including permissions and system calls etc. so that explicit and tacit knowledge could be shared. By selecting defined SWRL rules and running JESS inference engine, this paper demonstrated that our detection method could effectively classify malware and benign. Experimental results showed that the accuracy reached 95.89%. Moreover, through a comparative analysis, it could be seen that the application security detection based on ontology method outperformed two existing Android malware detection schemes for combining two characteristic information-permissions and system calls.