A Novel Android Malware Detection Approach Based on Convolutional Neural Network

With the explosive growth of Android malware, there is pressure to improve the performance of existing malware detection approaches. In this paper, we propose DeepClassifyDroid, a novel Android malware detection system based on deep learning. DeepClassifyDroid takes a three-step approach: feature extraction, feature embedding, and deep-learning-based detection. The first and second steps perform a broad static analysis and generate five different feature sets. The last step performs malware detection based on convolutional neural networks. We evaluated our approach with different feature sets and compared it with a variety of machine-learning-based approaches. Our study shows that DeepClassifyDroid outperforms most existing machine-learning-based approaches and detects 97.4% of the malware with few false alarms. Moreover, our approach is 10 times faster than Linear-SVM and 80 times faster than kNN.
