T2FS-based Ontology Mechanism for Android Malware Analysis
Malicious software (malware) is an important threat and one of the biggest problems in modern post-industrial society. Unfortunately, current detection approaches face two major challenges: 1.) the increasing number of obfuscators (which scramble source code so that it becomes non-readable) and packers (which encrypt source code so that it resists decompilation), and 2.) anti-sandboxing techniques used by advanced malware to avoid being analyzed in a virtualized environment. In this paper, we present and demonstrate our new Type-2 Fuzzy malicious behavior mining Ontology model and introduce the architecture created for malware behavioral analysis, with an automated, physical-virtual environment and an indicator extraction approach to construct domain knowledge for malware behavior. Experimental results show that the proposed approach can effectively perform malware behavior analysis to extract useful indicators. We have released this project under the GNU General Public License version 3.