Dataset for Android intrusion detection using process control block information
Description
This dataset consists of Process Control Block (PCB) data mined during the execution time of tested apps. The PCB data from 2620 malware-infested applications and 1610 benign applications were collected. The PCB data sequence was collected for 25 seconds, with an average of 18500 PCB records stored for each application. The mining method was implemented at the kernel level and synced with the process (job) context switching. The data for each program is stored in a separate CSV file and includes the PCB information for all threads running the application. The application automation testing and PCB gathering for benign and malicious applications were conducted in a closed dynamic malware analysis framework. The dataset can be used to evaluate and contrast benign and malicious Android programs' low-level (kernel) behavior. The mining approach effectively captured 99% of the context switches for the vast majority of tested applications.