DroidChain: A novel malware detection method for Android based on behavior chain

Android malware threats have recently become a real concern. The growing amount and diversity of these applications render conventional defenses largely ineffective. To fight against malware variants and zero-day malware, this paper proposes DroidChain, a malware detection method based on behavior chain model, which is composed of typical behavior processes of Android apps. Using the method, we summarize four kinds of malware models, including privacy leakage, SMS financial charge, malware installation and privilege escalation. The detection of 1260 Android applications shows that the accuracy of this method reaches 81.8%.