Abstract
Despite the large number of approaches proposed for detecting malicious applications targeting platforms such as Android, malware continuously evolves to avoid detection and reach users. Likewise, malware detection engines are continuously improved in an attempt to detect the most modern malware. Most of these detection tools employ signatures or machine learning models trained on thousands of features, such as API calls, permissions or features derived from taint analysis, among many others, using classification algorithms such as decision trees, ensemble methods or deep learning. However, the use of these features leads to biased models due to the use of limited datasets, without considering the real semantics (goals and intentions) of the malicious sample. In this paper, we conduct an initial study of the use of context- and semantic-aware embeddings generated with the CodeT5 pre-trained language model for a better representation of the behaviour of Android applications. After decompiling a sample to Java, it is possible to generate embeddings from chunks of the source code, producing a rich representation of the sample. We show how these embeddings can be used to train a recurrent neural network for malware detection tasks, with promising results.
Acknowledgements
This research has been supported by Comunidad Autónoma de Madrid under the S2018/TCS-4566 (CYNAMON) grant, by the Spanish Ministry of Science and Education under FightDIS (PID2020-117263GB-100) and by Comunidad Autónoma de Madrid under the “Convenio Plurianual with the Universidad Politécnica de Madrid in the actuation line of Programa de Excelencia para el Profesorado Universitario”.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
García-Soto, E., Martín, A., Huertas-Tato, J., Camacho, D. (2023). Android Malware Detection Through a Pre-trained Model for Code Understanding. In: Bravo, J., Ochoa, S., Favela, J. (eds) Proceedings of the International Conference on Ubiquitous Computing & Ambient Intelligence (UCAmI 2022). UCAmI 2022. Lecture Notes in Networks and Systems, vol 594. Springer, Cham. https://doi.org/10.1007/978-3-031-21333-5_105
DOI: https://doi.org/10.1007/978-3-031-21333-5_105
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-21332-8
Online ISBN: 978-3-031-21333-5
eBook Packages: Intelligent Technologies and Robotics (R0)