DeepMal4J: Java Malware Detection Employing Deep Learning

  • Pallavi Kumari JhaEmail author
  • Prem Shankar
  • V. G. Sujadevi
  • P. Prabhaharan
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 969)


Java is a cross-platform general purpose programming language. Hence, any Java based malware becomes a cross-platform threat. Since 3 Billion devices run Java, it is a serious threat. Currently, there is very little research done in the area of detection of Java malwares. As deep learning recently has proven to be effective in malware detection, we experimented with deep learning algorithms for detecting Java based malware. We name it DeepMal4J and evaluated using Long Short Term Memory (LSTM) and Gated Recurrent Unit (GRU). Our work is a first attempt to use deep neural network for the detection of Java malwares. Our system achieved accuracy of 93.33% using LSTM. This is the first ever reported results of deep learning for Java malware detection. We also present the comparison of performances and accuracy rates. Our system can be scaled up for large scale malware analysis.


Malware detection Deep learning LSTM GRU JIVE 


  1. 1.
  2. 2.
  3. 3.
  4. 4.
    Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Twenty-Third Annual Computer Security Applications Conference, ACSAC 2007. IEEE (2007)Google Scholar
  5. 5.
    Gandotra, E., Bansal, D., Sofat, S.: Malware analysis and classification: a survey. J. Inf. Secur. 5(02), 56 (2014)Google Scholar
  6. 6.
    Hardy, W., et al.: DL4MD: a deep learning framework for intelligent malwares detection. In: Proceedings of the International Conference on Data Mining (DMIN). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp) (2016)Google Scholar
  7. 7.
    Pascanu, R., et al.: Malwares classification with recurrent networks. In: 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE (2015)Google Scholar
  8. 8.
    Saxe, J., Berlin, K.: Deep neural network based malware detection using two dimensional binary program features. In: 2015 10th International Conference on Malicious and Unwanted Software (MALWARE). IEEE (2015)Google Scholar
  9. 9.
    You, I., Yim, K.: Malware obfuscation techniques: a brief survey. 2010 International Conference on Broadband, Wireless Computing, Communication and Applications (BWCCA). IEEE (2010)Google Scholar
  10. 10.
    Ganesh, N., et al.: Static analysis of malicious Java applets. In: Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics. ACM (2016)Google Scholar
  11. 11.
    Sutskever, I., Vinyals, O., Le, Q.V.: Sequence to sequence learning with neural networks. In: Advances in Neural Information Processing Systems (2014)Google Scholar
  12. 12.
    Socher, R., et al.: Recursive deep models for semantic compositionality over a sentiment treebank. In: Proceedings of the 2013 Conference on Empirical Methods in Natural Language Processing (2013)Google Scholar
  13. 13.
    Herrera, A., Cheney, B.: JMD: a hybrid approach for detecting Java malware. In: Proceedings of the 13th Australasian Information Security Conference (AISC 2015), vol. 27 (2015)Google Scholar
  14. 14.
  15. 15.
    Wang, X., Yiu, S.M.: A multi-task learning model for malware classification with useful file access pattern from API call sequence. arXiv preprint arXiv:1610.05945 (2016)
  16. 16.
    Wang, X.: An automatic analysis and detection tool for Java exploits. Virus Bulletin (2013)Google Scholar
  17. 17.
    Soman, S., Krintz, C., Vigna, G.: Detecting malicious java code using virtual machine auditing. In: Proceedings of the 12th Conference on USENIX Security Symposium, SSYM 2003, vol. 12, p. 11. USENIX Association, Berkeley (2003)Google Scholar
  18. 18.
    Kouznetsov, P.: JAD-the fast JAva Decompiler (2006).
  19. 19.
    Gestwicki, P.V., Jayaraman, B.: JIVE: Java interactive visualization environment. In: Companion to the 19th Annual ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages, and Applications. ACM (2004)Google Scholar
  20. 20.
    Yao, K., Zweig, G., Hwang, M.-Y., Shi, Y., Yu, D.: Recurrent neural networks for language understanding. In: InterSpeech, pp. 2524–2528 (2013)Google Scholar
  21. 21.
    Vukotic, V., Raymond, C., Gravier, G.: Is it time to switch to word embedding and recurrent neural networks for spoken language understanding?. In: InterSpeech, Dresde, Germany (2015)Google Scholar
  22. 22.
    Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)CrossRefGoogle Scholar
  23. 23.
    Gers, F.A., Schmidhuber, J., Cummins, F.: Learning to forget: continual prediction with LSTM. Neural Comput. 12(10), 2451–2471 (2000)CrossRefGoogle Scholar
  24. 24.
    Chung, J., Gulcehre, C., Cho, K., Bengio, Y.: Empirical evaluation of gated recurrent neural networks on sequence modeling. arXiv preprint arXiv:1412.3555 (2014)
  25. 25.
    Vukotic, V., Raymond, C., Gravier, G.: A step beyond local observations with a dialog aware bidirectional GRU network for Spoken Language Understanding. In: Interspeech (2016)Google Scholar
  26. 26.
    Abadi, M., et al.: TensorFlow: a system for large-scale machine learning. In: OSDI, vol. 16 (2016)Google Scholar
  27. 27.
    Yuan, Z., et al.: Droid-Sec: deep learning in Android malware detection. ACM SIGCOMM Comput. Commun. Rev. 44(4), 371–372 (2014)CrossRefGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Pallavi Kumari Jha
    • 1
    Email author
  • Prem Shankar
    • 1
  • V. G. Sujadevi
    • 1
  • P. Prabhaharan
    • 1
  1. 1.Department of Cyber Security Systems and Networks, Amrita School of EngineeringAmrita Vishwa VidyapeethamCoimbatoreIndia

Personalised recommendations