(i) a high-level language for specifying signatures that describe semantic characteristics of malware families and (ii) a static analysis for deciding if a given application matches a malware signature.
- Key characteristic: registering a receiver for certain system events such as SMS messages or outgoing phone calls.
Datalog-based language.
- Component type predicates: receiver(r), service(s)
- Control-flow predicates
- Data-flow predicates
ICCG: seemingly important.
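To make the three predicate kinds concrete, here is an added sketch (not code or syntax from the tool these notes describe) that checks one signature against facts a static analysis might emit. The fact layout, component names, event names and source/sink labels are all constructed for illustration.

```python
def reachable(calls, start):
    """Components reachable from `start` over call edges (control-flow predicate)."""
    seen, todo = set(), [start]
    while todo:
        cur = todo.pop()
        for src, dst in calls:
            if src == cur and dst not in seen:  # `seen` also stops cycles
                seen.add(dst)
                todo.append(dst)
    return seen

def match_signature(app, events, sources, sink="Internet"):
    """Signature: receiver(r) registered for one of `events`, service(s)
    reachable from r, and s flows every source in `sources` to `sink`.
    Returns a witness (r, s), or None when the app does not match."""
    for r in sorted(app["receiver"]):               # component type predicate
        if not (app["registered"].get(r, set()) & events):
            continue
        for s in sorted(reachable(app["calls"], r) & app["service"]):
            if all((s, src, sink) in app["flow"] for src in sources):  # data-flow
                return (r, s)
    return None

# Hypothetical signature parameters.
EVENTS = {"SMS_RECEIVED", "NEW_OUTGOING_CALL"}
SOURCES = {"DeviceId", "SubscriberId"}

# Constructed facts: receiver reaches a service (via a helper) that leaks both ids.
SUSPICIOUS = {
    "receiver": {"BootRcv"}, "service": {"SyncSvc"},
    "registered": {"BootRcv": {"SMS_RECEIVED"}},
    "calls": {("BootRcv", "Helper"), ("Helper", "SyncSvc"), ("SyncSvc", "Helper")},
    "flow": {("SyncSvc", "DeviceId", "Internet"),
             ("SyncSvc", "SubscriberId", "Internet")},
}
# Constructed facts: same receiver and same leak, but no path between them.
BENIGN = {
    "receiver": {"SmsRcv"}, "service": {"AdSvc"},
    "registered": {"SmsRcv": {"SMS_RECEIVED"}},
    "calls": {("MainActivity", "AdSvc")},
    "flow": {("AdSvc", "DeviceId", "Internet"),
             ("AdSvc", "SubscriberId", "Internet")},
}

if __name__ == "__main__":
    print(match_signature(SUSPICIOUS, EVENTS, SOURCES))
    print(match_signature(BENIGN, EVENTS, SOURCES))
```

The second app has the same receiver and the same leak as the first, yet does not match, because the signature requires the component-to-component path between them.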
Android Malware Genome project
I think a purely static method is stupid.
SAAF: program slicing to identify suspicious method arguments.
The Pegasus system: malware that can be identified by the order in which certain permissions and APIs are used. Permission event graph (PEG).