Dataset for Android intrusion detection using process control block information

This dataset consists of Process Control Block (PCB) data mined during the execution time of tested apps. The PCB data from 2620 malware-infested applications and 1610 benign applications were collected. The PCB data sequence was collected for 25 seconds, with an average of 18500 PCB records stored for each application. The mining method was implemented at the kernel level and synced with the process (job) context switching. The data for each program is stored in a separate CSV file and includes the PCB information for all threads running the application. The application automation testing and PCB gathering for benign and malicious applications were conducted in a closed dynamic malware analysis framework. The dataset can be used to evaluate and contrast benign and malicious Android programs' low-level (kernel) behavior. The mining approach effectively captured 99% of the context switches for the vast majority of tested applications.

本数据集由测试应用执行期间挖掘出的进程控制块（PCB）数据构成。该数据集涵盖了2620个恶意应用和1610个良性应用的PCB数据。针对每个应用，均收集了持续25秒的PCB数据序列，平均存储了18500条PCB记录。数据挖掘方法在内核层面实施，并与进程（作业）的上下文切换同步。每个程序的数据存储在单独的CSV文件中，包含了运行该应用的全部线程的PCB信息。良性及恶意应用的自动化测试和PCB收集均在封闭的动态恶意软件分析框架中进行。该数据集可用于评估和对比良性与恶意Android程序的低级别（内核）行为。数据挖掘方法有效地捕捉了绝大多数测试应用中99%的上下文切换。