Abstract
Malware, a significant threat to maintain a healthy Android ecosystem, always receives considerable attentions. This paper proposes a new dynamic Android malware classification approach by constructing and analyzing the dynamic behavior dependency graphs together with both framework-level function call behaviors and their data dependencies. Features are extracted from behavior graphs of different malware families in an automated fashion, and are used to classify unknown Android apps. Towards verification, a prototype system is implemented, and both malicious and benign apps are used for test. The experiment results show that 94.7% of the evaluated malware are correctly classified and our approach is robust and can defeat multiple attacks.