Software Vulnerabilities’ Detection by analysing application execution traces
Author(s): Gouayon KOALA, Didier BASSOLE, Telesphore TIENDREBEOGO and Oumarou SIE
Abstract

Over the years, digital traces have proven to be significant for analyzing IT systems, including applications. With the persistent threats arising from the widespread proliferation of malware and the evasive techniques employed by cybercriminals, researchers and application vendors alike are concerned about finding effective solutions. In this article, we assess a hybrid approach to detecting software vulnerabilities based on analyzing traces of application execution. To accomplish this, we initially extract permissions and features from manifest files. Subsequently, we employ a tracer to extract events from each running application, utilizing a set of elements that indicate the behavior of the application. These events are then recorded in a trace. We convert these traces into features that can be utilized by machine learning algorithms. Finally, to identify vulnerable applications, we train six machine learning algorithms (KNN, Random Forest, SVM, Naive Bayes, Decision Tree-CART, and MLP) on these features. The selection of these algorithms is based on the outcomes of several preliminary experiments. Our results indicate that the SVM algorithm produces the best performance, followed by Random Forest, achieving an accuracy of 98% for malware detection and 96% for benign applications. These findings demonstrate the relevance and utility of analyzing real application behavior through event analysis.

Keywords

Execution traces; events; vulnerability detection; malware; applications
