Abstract
The drastic increase of Android malware has led to strong interest in automating malware analysis. In this paper, to fight against malware variants and zero-day malware, we propose DroidChain: a method combining static analysis and a behavior chain model. We transform the malware detection problem into a more accessible matrix form. Using this method, we propose four kinds of malware models, including privacy leakage, SMS financial charges, malware installation, and privilege escalation. To reduce time complexity, we propose the WxShall-extend algorithm. We have moved the prototype to GitHub and evaluated it using 1260 malware samples. Experimental malware detection results demonstrate accuracy, precision, and recall of 73%–93%, 71%–99%, and 42%–92%, respectively. Calculation time accounts for 6.58% of the well-known Warshall algorithm's expense. Results demonstrate that our method, which can detect four kinds of malware simultaneously, is better than Androguard and Kirin.
| Original language | English |
|---|---|
| Pages (from-to) | 3-14 |
| Number of pages | 12 |
| Journal | Pervasive and Mobile Computing |
| Volume | 32 |
| State | Published - 1 Oct 2016 |
| Externally published | Yes |
Keywords
- Android malware
- Behavior chain
- Malware installation
- Privacy leakage
- Privilege escalation
- SMS financial charge
Fingerprint
Dive into the research topics of 'DroidChain: A novel Android malware detection method based on behavior chains'. Together they form a unique fingerprint.