TSDroid: A Novel Android Malware Detection Framework Based on Temporal & Spatial Metrics in IoMT

In the era of smart healthcare tremendous growth, plenty of smart devices facilitate cognitive computing for the purposes of lower cost, smarter diagnostic, etc. Android system has been widely used in the field of IoMT, and as the main operating system. However, Android malware is becoming one major security concern for healthcare, by the serious threat for our medical software assets, like the leakage of private information, the abusing of critical operations, etc. Unfortunately, the existing methods focus on building sustainable classification models, without fully considering system API which is the key to model aging. Compared to the traditional methods, we apply the lifeCycle of API as temporal metric. In addition to the temporal view, the “sizes” of the APPs are utilized as spatial metric in the spatial view. Based on this, we firstly discuss the temporal and spatial metrics together in terms of clustering, and then propose our novel framework-TSDroid. In this framework, we use TS-based clustering algorithm to obtain clustering subsets to enhance the detection capability. We have carried out an experimental verification on three existing excellent methods (i.e., Drebin, HinDroid, and DroidEvolver) and obtain good promotion effects by our framework.