An Image-Inspired and CNN-Based Android Malware Detection Approach

Abstract-Until 2017, Android smartphones occupied approximately 87% of the smartphone market. The vast market also promotes the development of Android malware. Nowadays, the number of malware targeting Android devices found daily is more than 38,000. With the rapid progress of mobile application programming and anti-reverse-engineering techniques, it is harder to detect all kinds of malware. To address challenges in existing detection techniques, such as data obfuscation and limited code coverage, we propose a detection approach that directly learns features of malware from Dalvik bytecode based on deep learning technique (CNN). The average detection time of our model is0.22 seconds, which is much lower than other existing detection approaches. In the meantime, the overall accuracy of our model achieves over 93%.

[1]  Qinghua Zheng,et al.  Android Malware Familial Classification and Representative Sample Selection via Frequent Subgraph Analysis , 2018, IEEE Transactions on Information Forensics and Security.

[2]  Mengzhe Zhang,et al.  Quick and Accurate Android Malware Detection Based on Sensitive APIs , 2018, 2018 IEEE International Conference on Smart Internet of Things (SmartIoT).

[3]  Yu Zhang,et al.  RepassDroid: Automatic Detection of Android Malware Based on Essential Permissions and Semantic Features of Sensitive APIs , 2018, 2018 International Symposium on Theoretical Aspects of Software Engineering (TASE).

[4]  Sankardas Roy,et al.  Deep Ground Truth Analysis of Current Android Malware , 2017, DIMVA.

[5]  John H. Lawton,et al.  Sigmoid Functional Responses by Invertebrate Predators and Parasitoids , 1977 .

[6]  H. Robbins A Stochastic Approximation Method , 1951 .

[7]  Xiang Zhang,et al.  Character-level Convolutional Networks for Text Classification , 2015, NIPS.

[8]  Eul Gyu Im,et al.  Android malware classification method: Dalvik bytecode frequency analysis , 2013, RACS.

[9]  Yuan Yu,et al.  TensorFlow: A system for large-scale machine learning , 2016, OSDI.

[10]  John A. Clark,et al.  SAFEDroid: Using Structural Features for Detecting Android Malwares , 2017, ATCS/SePrIoT@SecureComm.

[11]  Jimmy Ba,et al.  Adam: A Method for Stochastic Optimization , 2014, ICLR.

[12]  Sheng Liang,et al.  Java Native Interface: Programmer's Guide and Specification , 1999 .

[13]  Curtis B. Storlie,et al.  Graph-based malware detection using dynamic analysis , 2011, Journal in Computer Virology.

[14]  Mauro Conti,et al.  ANASTASIA: ANdroid mAlware detection using STatic analySIs of Applications , 2016, 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS).

[15]  B. S. Manjunath,et al.  Malware images: visualization and automatic classification , 2011, VizSec '11.

[16]  Joon Ahn Deep Android Malware Detection , 2016 .