Int J Performability Eng ›› 2018, Vol. 14 ›› Issue (3): 547-558.doi: 10.23940/ijpe.18.03.p15.547558

• Original articles • Previous Articles     Next Articles

Andro_MD: Android Malware Detection based on Convolutional Neural Networks

Nannan Xiea, b, Xiaoqiang Dia, b, *, Xing Wangc, and Jianping Zhaoa, b   

  1. aSchool of Computer Science and Technology, Changchun University of Science and Technology, Changchun, 130022, China
    bJilin Provincial Key Laboratory of Network and Information Security, Changchun, 130022, China
    cSchool of Computer Science and Information Technology, Beijing Jiaotong University, Beijing, 100044, China

Abstract: Android OS maintains its dominance in smart terminal markets, which brings growing threats of malicious applications (apps). The research on Android malware detection has attracted attention from both academia and industry. How to improve the malware detection performance, what classifiers should be selected, and what features should be employed are all critical issues that need to be solved. Convolutional Neural Networks (CNN) is a typical deep learning technique that has achieved great performance in image and speech recognitions. In this work, we present an Android malware detection framework Andro_MD that can train and classify samples with a deep learning technique. The framework includes dataset construction and feature preprocessing, training and classification by CNN, and evaluation by experiments. First, an Android app dataset is constructed with 21,000 samples collected from third-party markets and 34,570 features of 7 categories. Second, we employ sequential and parallel models to train the extracted features and classify the malware apps. Finally, extensive experimental results show the effectiveness and feasibility of the proposed method. Comparisons with similar work and traditional classifiers show that Andro_MD has a better performance on malware detection, and its accuracy can achieve 99.25% with a FPR of 0.53%. The "request permissions" and "used permissions" feature categories have better performances with limited dimensions.
Submitted on December 20, 2017; Revised on January 21, 2018; Accepted on February 24, 2018
References: 44