Journal: Karbala International Journal of Modern Science
Print ISSN: 2405-609X
Electronic ISSN: 2405-609X
Publication year: 2017
Volume: 3
Issue: 1
Pages: 46-52
DOI: 10.1016/j.kijoms.2017.02.004
Language: English
Publisher: Elsevier
Abstract: This paper presents a design for a smartphone honeypot system. The smartphone honeypot system has to perform several complex functions; the three basic functions are: designing and constructing the system database, malware detection, and system reactions. During the construction of the system database, information about the behaviour of various well-known malicious applications is captured using the hardware performance counters and saved in database files. Three features are used for this purpose: number of instructions, number of branches, and number of cache misses. A data set of 1260 malicious programs is used to collect these features. One-dimensional Euclidean distance and multi-dimensional Euclidean distance are used to classify the samples from the data set and identify the family they belong to. Although the classification results were low for some families, the algorithm classified other families with 100% accuracy. The results indicate that the performance counters are good tools for detecting malware.