Malicious Code Detection Based on Code Semantic Features

With the development of smartphones, malicious applications for the Android platform have increased dramatically. Existing Android malicious code analysis methods mainly focus on detection based on signatures, inter-component communication, and other configuration information features. Such methods ignore the semantic features of the malicious code, and the few studies that do examine the code rely on its statistical features. To address these shortcomings, we (1) use code semantic structure features to reflect deep semantic information, (2) propose a preprocessing method for APK files that generates graphics reflecting the code semantic features, and (3) introduce the advanced graphical semantics into a graph convolutional network (GCN) model, which automatically identifies and learns semantics and extracts features for malicious code detection. Experiments on a dataset confirm that the proposed method can achieve 95.8% detection accuracy. Compared with existing methods that adopt configuration information features or statistical features of code, our method shows higher accuracy.
