
Android malware detection method based on bytecode image

  • Original Research
Journal of Ambient Intelligence and Humanized Computing

Abstract

Traditional machine-learning-based malware detection methods often use decompilation or dynamic monitoring to extract a feature representation of malware. This procedure is time-consuming and depends strongly on the skills of experts. In addition, malware can be packed or encrypted to evade analysis by decompilation tools. To solve this issue, we propose a static detection method based on deep learning. We extract the bytecode file directly from the Android APK file, convert it into a two-dimensional bytecode matrix, and then use a deep learning algorithm, the convolutional neural network (CNN), to train a detection model and apply it to classify malware. The CNN automatically learns features of the bytecode file that can be used to recognize malware. The proposed detection model avoids the procedure of analyzing malware features and designing a feature representation of malware. The experimental results show that the proposed method is effective at detecting malware, especially malware encrypted using polymorphic techniques.
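The preprocessing step the abstract describes (APK to bytecode file to two-dimensional matrix) can be sketched as follows. This is an added example, not the authors' code. The row width, the zero padding, the optional fixed height and all function names are assumptions, since the abstract does not give the matrix dimensions, and the sample APK is constructed inline.

```python
import io
import zipfile

DEX_MAGIC = b"dex\n"  # a DEX file starts with "dex\n", a 3-digit version, NUL

def extract_dex(apk_bytes):
    """Return the raw bytes of classes.dex from an APK (a ZIP archive)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        if "classes.dex" not in apk.namelist():
            raise ValueError("APK has no classes.dex")
        dex = apk.read("classes.dex")
    if not dex.startswith(DEX_MAGIC):
        raise ValueError("classes.dex does not start with the DEX magic")
    return dex

def bytecode_matrix(dex, width=16, height=None):
    """Lay the bytes out row by row as a matrix of ints in 0..255.

    Assumption: the last row is zero-padded; if height is given, the data is
    truncated or padded so every sample has the same shape for a CNN input.
    """
    if height is not None:
        total = width * height
        dex = dex[:total]
    else:
        total = -(-len(dex) // width) * width  # round up to a full row
    padded = dex + b"\x00" * (total - len(dex))
    return [list(padded[i:i + width]) for i in range(0, total, width)]

def make_sample_apk():
    """Constructed sample: a minimal ZIP holding a fake 40-byte classes.dex."""
    fake_dex = b"dex\n035\x00" + bytes(range(32))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", fake_dex)
    return buf.getvalue()

if __name__ == "__main__":
    matrix = bytecode_matrix(extract_dex(make_sample_apk()), width=16)
    for row in matrix:
        print(" ".join(f"{b:02x}" for b in row))
```

No decompilation is involved: the bytes are read as-is, which is why packing or encryption of the code does not stop the matrix from being produced.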



Acknowledgements

This research was funded by the Scientific Research Foundation in Shenzhen (Grant numbers JCYJ20180525163756635 and JCYJ20180507183608379), the Guangdong Natural Science Foundation (Grant number 2016A030313664), the National Key R&D Program of China (Grant nos. 2018YFB1003800, 2018YFB1003805), and the National Natural Science Foundation of China (Grant no. 61872107).

Author information

Corresponding author

Correspondence to Yuxin Ding.

Cite this article

Ding, Y., Zhang, X., Hu, J. et al. Android malware detection method based on bytecode image. J Ambient Intell Human Comput 14, 6401–6410 (2023). https://doi.org/10.1007/s12652-020-02196-4

  • DOI: https://doi.org/10.1007/s12652-020-02196-4
