A Robust Approach for Android Malware Detection Based on Deep Learning

LI Peng-wei, JIANG Yu-qian, XUE Fei-yang, HUANG Jia-jia, XU Chao

ACTA ELECTRONICA SINICA ›› 2020, Vol. 48 ›› Issue (8) : 1502-1508. DOI: 10.3969/j.issn.0372-2112.2020.08.007

Abstract

Conventional Android malware detection methods can easily be evaded. In this study, we propose an Android malware detection method based on a long short-term memory (LSTM) network that makes it more difficult for malware to evade detection. First, a program analysis framework that combines static and dynamic analysis is proposed to obtain permission information, protection information and behavior information. Second, entrenched features, such as ability features and behavior features, are extracted from the information provided by the program analysis framework. Using these entrenched features, we design an LSTM-based malware detection method to distinguish benign applications from malicious ones. Experimental results demonstrate that our approach is more effective and robust in Android malware detection than state-of-the-art methods.

Key words

android malware / static analysis / dynamic analysis / deep learning / LSTM

Cite this article

LI Peng-wei, JIANG Yu-qian, XUE Fei-yang, HUANG Jia-jia, XU Chao. A Robust Approach for Android Malware Detection Based on Deep Learning[J]. Acta Electronica Sinica, 2020, 48(8): 1502-1508. https://doi.org/10.3969/j.issn.0372-2112.2020.08.007

Funding

National Natural Science Foundation of China (No.61802194, No.61902190); Natural Science Research Program of Universities in Jiangsu Province (No.17KJB520015, No.19KJB520040); supported by Collaborative Innovation Center for Audit Information and Engineering (No.18CICA06)