Android malware activation strategies comparison for dynamic detection

Dynamic malware detection is performed by monitoring system parameters at runtime (i.e., behavior of applications is monitored as they run on the system). To collect data necessary for the development of such detection methods, applications need to be run in a controlled environment and malware need to be properly triggered. Some methods are totally random (i.e., the exerciser creates a predefined number of events), while some others are based on GUI models (i.e., generated events are generated by using a library of different user interfaces). Goal of this project is to compare different methods for exercising applications, with the purpose of verifying that there is a significant difference between the methods. The project was performed by using already available malware samples and the comparison was performed by considering results obtained at USI. Results were obtained sufficient to say that there is a difference in some of the features extracted while in others is less significant.