Andro_MD: Android Malware Detection based on Convolutional Neural Networks

摘要

Android OS maintains its dominance in smart terminal markets, which brings growing threats of malicious applications (apps). The research on Android malware detection has attracted attention from both academia and industry. How to improve the malware detection performance, what classifiers should be selected, and what features should be employed are all critical issues that need to be solved. Convolutional Neural Networks (CNN) is a typical deep learning technique that has achieved great performance in image and speech recognitions. In this work, we present an Android malware detection framework Andro_MD that can train and classify samples with a deep learning technique. The framework includes dataset construction and feature preprocessing, training and classification by CNN, and evaluation by experiments. First, an Android app dataset is constructed with 21,000 samples collected from third-party markets and 34,570 features of 7 categories. Second, we employ sequential and parallel models to train the extracted features and classify the malware apps. Finally, extensive experimental results show the effectiveness and feasibility of the proposed method. Comparisons with similar work and traditional classifiers show that Andro_MD has a better performance on malware detection, and its accuracy can achieve 99.25% with a FPR of 0.53%. The "request permissions" and "used permissions" feature categories have better performances with limited dimensions.