An Android mutation malware detection based on deep learning using visualization of importance from codes

Abstract Smartphone use, especially the Android platform, has already got 80% market shares, due to an aforementioned [where?] report, it becomes an attacker's primary objective. There is a growing number of storing private data onto smart phones and low safety defense measures, attackers can use multiple ways to launch and attack user's smartphones. (e.g. Using different coding style to confuse the malware detecting software). Existing Android malware detection methods use multiple features, like safety sensor API, system call, control flow structure and data information flow, then also machine learning to check whether its malware or not. These features provide app's unique property and limitation, that is to say, from some perspectives it might suit for some specific attack, but wouldn't suit for others. Nowadays most malware detection methods use only one of the aforementioned features, and these methods mostly analyze to detect code, but facing the malware code confusion and zero-day attacks, the aforementioned feature's extraction method may cause wrong judgement. So, it's necessary to design an effective technique analysis to prevent malware. In this paper, we use the importance of words from an apk, because of code confusion, some malware attackers only rename variables. If using general static analysis cannot judge correctly, then we use these importance values to go through our proposed method to generate an image, finally use a convolutional neural network to decide whether the apk file is malware or not.