(i) a high-level language for specifying signatures that describe semantic characteristics of malware families and (ii) a static analysis for deciding if a given application matches a malware signature.


  • Key characteristic: registering a receiver for certain system events such as SMS messages or outgoing phone calls.

Datalog-based language.

  • Component type predicates: receiver(r), service(s)
  • Control-flow predicates
  • Data-flow predicates
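
A minimal sketch of how a signature built from these three predicate kinds could be checked against facts extracted from an app. This is an added example, not code from the paper or tool these notes describe. The predicate names `registered`, `icc` and `flow`, the event labels and the component names are assumptions, and all facts are constructed.

```python
# Added example: constructed facts; predicate names registered/icc/flow are hypothetical.
from collections import deque

WATCHED_EVENTS = {"SMS_RECEIVED", "NEW_OUTGOING_CALL"}  # labels are assumptions

def reachable(icc, start):
    """Components reachable from `start` over inter-component edges (icc*)."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for src, dst in icc:
            if src == cur and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen

def matches(app):
    """Witnesses for: receiver(r), registered(r, e), e in WATCHED_EVENTS,
    service(s), icc*(r, s), flow(s, source, sink)."""
    hits = []
    for r, e in sorted(app["registered"]):
        if r not in app["receiver"] or e not in WATCHED_EVENTS:
            continue  # component-type predicate or event constraint fails
        for s in sorted(reachable(app["icc"], r) & app["service"]):  # control flow
            for comp, source, sink in sorted(app["flow"]):           # data flow
                if comp == s:
                    hits.append((r, e, s, source, sink))
    return hits

# Constructed app models (not taken from any real sample).
SUSPECT = {"receiver": {"SmsRecv"}, "service": {"UploadSvc"},
           "registered": {("SmsRecv", "SMS_RECEIVED")},
           "icc": {("SmsRecv", "Dispatcher"), ("Dispatcher", "UploadSvc")},
           "flow": {("UploadSvc", "DeviceId", "Internet")}}
BENIGN = {"receiver": {"BootRecv"}, "service": {"SyncSvc"},
          "registered": {("BootRecv", "BOOT_COMPLETED")},
          "icc": {("BootRecv", "SyncSvc")},
          "flow": {("SyncSvc", "DeviceId", "Internet")}}
# Same leak and a watched event, but no control-flow path from receiver to service.
DISCONNECTED = {"receiver": {"CallRecv"}, "service": {"UploadSvc"},
                "registered": {("CallRecv", "NEW_OUTGOING_CALL")},
                "icc": {("MainActivity", "UploadSvc")},
                "flow": {("UploadSvc", "DeviceId", "Internet")}}

if __name__ == "__main__":
    for name, app in [("SUSPECT", SUSPECT), ("BENIGN", BENIGN),
                      ("DISCONNECTED", DISCONNECTED)]:
        print(name, matches(app))
```

Only `SUSPECT` matches: `BENIGN` fails the event constraint and `DISCONNECTED` fails the control-flow predicate even though its data flow is identical.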

ICCG: seemingly important.

Android Malware Genome project

ProGuard Tool.

I think a purely static method is stupid.

SAAF: program slicing to identify suspicious method arguments

The Pegasus system: malware that can be identified by the order in which certain permissions and APIs are used. Permission event graph (PEG).