Android malware datasets.
In this project, we focus on the Android platform and aim to systematize or characterize existing Android malware. Particularly, with more than one year effort, we have managed to collect more than 1,200 malware samples that cover the majority of existing Android malware families, ranging from their debut in August 2010 to recent ones in October 2011.
Publication Dissecting Android Malware: Characterization and Evolution. Yajin Zhou, Xuxian Jiang. Proceedings of the 33rd IEEE Symposium on Security and Privacy (Oakland 2012). San Francisco, CA, May 2012
Homepage (No longer supported) http://www.malgenomeproject.org
M0Droid basically is android application behavioral pattern recognition tool which is used to identify android malwares and categorize them according to their behavior. It utilized a kernel level hook to capture all system call requests of the application and then generate a signature for the behavior of the application.
Publication Damshenas M, Dehghantanha A, Choo K K R, et al. M0droid: An android behavioral-based malware detection model[J]. Journal of Information Privacy and Security, 2015, 11(3): 141-157.
Homepage http://m0droid.netai.net/modroid/
Blog http://www.alid.info/blog/2015/2/4/android-malware-research-dataset
The dataset contains 5,560 applications from 179 different malware families. The samples have been collected in the period of August 2010 to October 2012 and were made available to us by the MobileSandbox project. You can find more details on the dataset in the paper.
Publication Arp D, Spreitzenbarth M, Hubner M, et al. Drebin: Efficient and explainable detection of android malware in your pocket[C]//Proc. of 17th Network and Distributed System Security Symposium, NDSS. 14.
Homepage http://user.informatik.uni-goettingen.de/~darp/drebin/
*The dataset is a collection of Android based malware seen in the wild. The malware pieces were downloaded on October 26th, 2011. The total number of malware included in the sample is 189. I have qualitatively split them into categories based on their primary behaviours where available. I obtained their primary behaviours from malware reports from the various AV companies.If the malware would download a separate payload as its primary function, it was put in the Trojan category. If the malware executed an escalation of privilege attack, it was in the escalation of privilege category. If the malware primarily stole data from the phone, it was classified as information stealing. If the malware sent premium SMS messages, it was a premium SMS transmitting malware. *
Homepage http://cgi.cs.indiana.edu/~nhusted/dokuwiki/doku.php?id=datasets