Abstract
In recent years, there is a rapid increase in the number of Android based malware. In this paper we propose a malware detection method using bytecode code image. We firstly extract bytecode file from Android APK file, and then convert the bytecode file into an image file. Finally we use convolution neural network (CNN) to classify malware. the proposed method directly convert a bytecode file into an image data, so CNN can automatically learn features of malware, and use the learned features to classify malware. Especially for malware which uses polymorphic techniques to encrypt functional code, the proposed method can detect it without using unpacking tools. The experimental results show it is feasible to detect malware using CNN, especially for detecting encrypted malware.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Aafer, Y., Du, W., Yin, H.: DroidAPIMiner: mining API-level features for robust malware detection in Android. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds.) Security and Privacy in Communication Networks. SecureComm 2013. LNICST, vol 127. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-04283-1_6
Enck, W., et al.: On lightweight mobile phone application certification. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 235–245. ACM (2009)
Ding, Y., et al.: Control flow-based opcode behavior analysis for malware detection. Comput. Secur. 44(7), 65–74 (2014)
Chin, E., et al.: Analyzing inter-application communication in Android. In: International Conference on Mobile Systems, Applications, and Services, pp. 239–252. ACM (2011)
Xu, R., et al.: Aurasium: practical policy enforcement for Android applications. In: Usenix Conference on Security Symposium, p. 27. USENIX Association (2012)
Xu, K., et al.: ICCDetector: ICC-based malware detection on Android. IEEE Trans. Inf. Forensics Secur. 11(6), 1252–1264 (2016)
Afonso, V.M., et al.: Identifying Android malware using dynamically obtained features. J. Comput. Virol. Hacking Tech. 11(1), 9–17 (2015)
Yuxin, D., et al.: A malware detection method based on family behavior graph. Comput. Secur. 73(1), 73–86 (2018)
Chan, P., et al.: Static detection of Android malware by using permissions and API calls. In: International Conference on Machine Learning and Cybernetics, pp. 82–87 (2015)
Aung, Z., et al.: Permission-based android malware detection. Int. J. Sci. Technol. Res. 2(3), 228–234 (2013)
Karbab, E.B., et al.: DySign: dynamic fingerprinting for the automatic detection of Android malware. In: International Conference on Malicious and Unwanted Software, pp. 1–8. IEEE (2017)
Zhang, X., et al.: Character-level convolutional networks for text classification. In: Advances in Neural Information Processing Systems, pp. 649–657 (2015)
Acknowledgements
This work was partially supported by Scientific Research Foundation in Shenzhen (Grant No. JCYJ20160525163756635), Guangdong Natural Science Foundation (Grant No. 2016A030313664) and Key Laboratory of Network Oriented Intelligent Computation (Shenzhen).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Ding, Y., Wu, R., Xue, F. (2018). Detecting Android Malware Using Bytecode Image. In: Xiao, J., Mao, ZH., Suzumura, T., Zhang, LJ. (eds) Cognitive Computing – ICCC 2018. ICCC 2018. Lecture Notes in Computer Science(), vol 10971. Springer, Cham. https://doi.org/10.1007/978-3-319-94307-7_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-94307-7_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-94306-0
Online ISBN: 978-3-319-94307-7
eBook Packages: Computer ScienceComputer Science (R0)