This project proposes a new technique for detecting mobile malware based on
information flow analysis. Our approach focuses on the structure of the information flows
we gather in our analysis and on the patterns of behavior present in those flows.
Our analysis not only gathers simple flows that have a single source and a single sink,
but also Multi-Flows that either start from a single source and flow to
multiple sinks, or start from multiple sources and flow to a single sink. This
analysis captures more complex behavior that both recent malware and recent benign applications exhibit.
We leverage N-gram analysis to understand both unique and common behavioral patterns present
in Multi-Flows. Our tool leverages N-gram analysis over
sequences of API calls that occur along control flow paths in Multi-Flows
to precisely analyze Multi-Flows with respect to app behavior.
We show the precision of our technique by applying it to 5 different data sets with
a total of 6,214 apps. These data sets consist of older generation benign and malicious apps
as well as recent benign and malicious apps, showing the effectiveness of our
approach across different generations of apps.
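
The N-gram step described above can be sketched as follows. This is an added example, not the project's tool: the Multi-Flow dict layout, the function names and the sample apps are assumptions constructed for illustration. It extracts API-call N-grams along each control flow path of every Multi-Flow, then separates N-grams seen only in malicious apps from those shared with benign apps.

```python
from collections import Counter

# Constructed sample data (not from the project's data sets). Each app maps to
# a list of Multi-Flows; "paths" holds the API-call sequence along each control
# flow path. This dict layout is an assumption made for the example.
DEV, LOC = "TelephonyManager.getDeviceId", "LocationManager.getLastKnownLocation"
APPEND, SMS = "StringBuilder.append", "SmsManager.sendTextMessage"
CONN, WRITE = "URL.openConnection", "OutputStream.write"

MALICIOUS = {"mal_app_1": [{          # one source flowing to two sinks
    "sources": [DEV], "sinks": [SMS, WRITE],
    "paths": [[DEV, APPEND, SMS], [DEV, APPEND, CONN, WRITE]]}]}
BENIGN = {"ben_app_1": [{             # simple flow: one source, one sink
    "sources": [LOC], "sinks": [WRITE],
    "paths": [[LOC, APPEND, CONN, WRITE]]}]}

def ngrams(seq, n):
    """Contiguous n-grams of one API-call sequence (empty if len(seq) < n)."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]

def multiflow_ngrams(multiflow, n):
    """Set of n-grams seen on any control flow path of one Multi-Flow."""
    grams = set()
    for path in multiflow["paths"]:
        grams.update(ngrams(path, n))
    return grams

def app_support(apps, n):
    """For each n-gram, the number of apps whose Multi-Flows contain it."""
    support = Counter()
    for flows in apps.values():
        seen = set()
        for mf in flows:
            seen |= multiflow_ngrams(mf, n)
        support.update(seen)          # count each app at most once per n-gram
    return support

def split_patterns(malicious, benign, n=2):
    """Return (n-grams unique to malicious apps, n-grams common to both sets)."""
    mal, ben = app_support(malicious, n), app_support(benign, n)
    unique_mal = {g: c for g, c in mal.items() if g not in ben}
    common = {g: (mal[g], ben[g]) for g in mal if g in ben}
    return unique_mal, common

if __name__ == "__main__":
    unique_mal, common = split_patterns(MALICIOUS, BENIGN, n=2)
    print("unique to malicious:", sorted(unique_mal))
    print("common:", sorted(common))
```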