AndroTaint: An efficient android malware detection framework using dynamic taint analysis

Conti M.
2017

Abstract

The Android operating system is widespread in today's smartphone market due to its open source model, its easy functionality and its huge number of Apps and App-Stores (the official one and others). With coverage of some 90% of the market, it is also the placeholder for users' personal and sensitive information (IMEI, IMSI, etc.). App users tend to trust the Android OS to secure their data, but it has been shown that Android OS is more vulnerable to exploitation, either for fun or for monetary purposes. Malware detection for Android OS has become an upcoming research problem of interest. Dynamic Taint Analysis is an efficient analysis among existing Android malware detection analyses. The aim of this paper is to work towards Dynamic Taint Analysis of Android malware using automatic tagging and without modification of the Android platform. To do this, the paper exhaustively surveys the available literature and work related to dynamic taint analysis. It proposes some novel ideas to improve the existing solution with more accuracy. Our novel algorithm has two phases: the first is the training phase for feature extraction, and the second is the analysis phase for automatic tagging and tainting. We have developed a framework named AndroTaint, which works on Dynamic Taint Analysis. AndroTaint follows a novel supervised and unsupervised Anomaly Detection technique with high precision, recall and harmonic mean. Our Dynamic Taint Analysis algorithm categorizes an App as risky, benign, malicious or aggressive according to its features and behaviour. We have measured AndroTaint's effectiveness on the basis of a timeline for building the dataset and 10-fold cross validation. AndroTaint covers 90% of malware and benign Apps in the analysis phase with fewer false positives and false negatives.
2017
ISEA Asia Security and Privacy Conference 2017, ISEASP 2017
ISBN: 978-1-5090-5942-3

Use this identifier to cite or link to this document: https://hdl.handle.net/11577/3506476
Citations
  • Scopus 26