A Function-Level Behavior Model for Anomalous Behavior Detection in Hybrid Mobile Applications

Abstract

Hybrid mobile applications (or apps) are based on web technologies, such as HTML5 and JavaScript, and run in a browser environment. They facilitate cross-platform development. However, the security issues of web technologies are inherited by hybrid mobile apps, where the injected code may execute with the system-level privilege. In this paper, we propose a behavior model to detect malicious behaviors in hybrid mobile apps. Our model uses function-level information to describe how an app's behaviors are activated. Furthermore, once script injection happens, the behaviors made by the injected code can be detected according to the deviation from the app's behavior model.