An Analysis of Android Malware Behavior
Bibliographic record
Abstract
Android is dominating the smartphone market with more users than any other mobile operating system. But with its growing popularity, interest from attackers has also increased, as the number of malicious applications keeps on rising. To know more about these applications, investigation of their behavior has become very important. In our paper, we present a study that combines static and dynamic analysis of these applications with an aim to analyze their behavior by examining various attributes such as permission, CPU usage, volatile memory, and traffic. The experimental result of the static analysis shows that top permissions are used by malware to access network state, Internet, write external phone state, and read phone state. Our results of runtime experiments show that CPU usage of malicious applications is on average half that of normal applications while in terms of volatile memory usage malicious applications occupied more RAM than legitimate ones. Traffic analysis includes transmission rate between endpoints which is higher in malware compared to normal applications with a higher number of malformed packets. Based on the above-mentioned four attributes, the behavior of malware can be understood and this behavior can assist in differentiating malicious apps from legitimate applications.
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
How this classification was reachedexpand
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.000 | 0.000 |
| Meta-epidemiology (narrow) | 0.000 | 0.000 |
| Meta-epidemiology (broad) | 0.000 | 0.000 |
| Bibliometrics | 0.000 | 0.001 |
| Science and technology studies | 0.000 | 0.000 |
| Scholarly communication | 0.000 | 0.000 |
| Open science | 0.001 | 0.000 |
| Research integrity | 0.000 | 0.000 |
| Insufficient payload (model declined to judge) | 0.000 | 0.000 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from itClassification
machine, unvalidatedMachine predicted; a candidate call from one teacher head, not a consensus.
How this classification was reached, model by model and score by score, is at the end of the page under "How this classification was reached".