Whitelist for Analyzing Android Malware

Kyoungmin Kim, Jeonghwan Lee, Seonguk Lee, Jiman Hong
Proceedings of the International Conference on Research in Adaptive and Convergent Systems, published 2017-09-20
DOI: 10.1145/3129676.3129726 (https://doi.org/10.1145/3129676.3129726)
Citations: 1

Abstract

The amount of malicious code targeting the Android platform is increasing day by day. The biggest difficulty in analyzing malicious code is the large amount of source code that needs to be analyzed. The larger the source code, the longer the analysis time, and the longer the analysis time, the less accurate the result of the analysis. Android application programmers generally tend to use many 3rd-party libraries, which increases the size of the source code. Using 3rd-party libraries has the advantage of allowing programmers to develop applications easily, but it has the disadvantage of including unnecessary code in the source code. To analyze an Android application efficiently, it would be better to exclude well-known normal code, called the whitelist, from the original source code. In this paper, we present the Whitelist for Android applications. The Whitelist contains feature information from 3rd-party libraries known to be normal. It can be used to reduce the amount of source code to be analyzed when a malware analyst analyzes malicious code in Android applications. Experiments show that when malicious code is analyzed using the Whitelist Database, the number of methods to analyze is greatly reduced and analysis time can be shortened.