Visible to the public Android Malware Detection Using Convolutional Neural Networks and Data Section Images

TitleAndroid Malware Detection Using Convolutional Neural Networks and Data Section Images
Publication TypeConference Paper
Year of Publication2018
AuthorsJung, Jaemin, Choi, Jongmoo, Cho, Seong-je, Han, Sangchul, Park, Minkyu, Hwang, Youngsup
Conference NameProceedings of the 2018 Conference on Research in Adaptive and Convergent Systems
PublisherACM
ISBN Number978-1-4503-5885-9
KeywordsAndroid malware, CNN, data section, grayscale image, pubcrawl, Resiliency, Scalability, security, Stochastic computing
AbstractThe paper proposes a new technique to detect Android malware effectively based on converting malware binaries into images and applying machine learning techniques on those images. Existing research converts the whole executable files (e.g., DEX files in Android application package) of target apps into images and uses them for machine learning. However, the entire DEX file (consisting of header section, identifier section, data section, optional link data area, etc.) might contain noisy information for malware detection. In this paper, we convert only data sections of DEX files into grayscale images and apply machine learning on the images with Convolutional Neural Networks (CNN). By using only the data sections for 5,377 malicious and 6,249 benign apps, our technique reduces the storage capacity by 17.5% on average compared to using the whole DEX files. We apply two CNN models, Inception-v3 and Inception-ResNet-v2, which are known to be efficient in image processing, and examine the effectiveness of our technique in terms of accuracy. Experiment results show that the proposed technique achieves better accuracy with smaller storage capacity than the approach using the whole DEX files. Inception-ResNet-v2 with the stochastic gradient descent (SGD) optimization algorithm reaches 98.02% accuracy.
DOI10.1145/3264746.3264780
Citation Keyjung_android_2018