Open Access Article

OpCode-Level Function Call Graph Based Android Malware Classification Using Deep Learning

1 School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China (UESTC), Chengdu 611731, China
2 Cyberspace Security Research Center, Peng Cheng Laboratory, Shenzhen 518040, China
* Author to whom correspondence should be addressed.
Sensors 2020, 20(13), 3645; https://doi.org/10.3390/s20133645
Received: 29 May 2020 / Revised: 23 June 2020 / Accepted: 24 June 2020 / Published: 29 June 2020
Due to the openness of an Android system, many Internet of Things (IoT) devices are running the Android system, and Android devices have become a common control terminal for IoT devices because of the various sensors on them. With the popularity of IoT devices, malware on Android-based IoT devices is also increasing, threatening people’s lives and privacy. To reduce this threat, many researchers have proposed new methods to detect Android malware. Currently, most malware detection products on the market are based on malware signatures, which have a fast detection speed and normally a low false alarm rate for known malware families. However, they cannot detect unknown malware and are easily evaded by malware that is obfuscated or packed. Many new solutions use syntactic features and machine learning techniques to classify Android malware. It is known that analysis of the Function Call Graph (FCG) can capture behavioral features of malware well. This paper presents a new approach to classifying Android malware based on deep learning and OpCode-level FCG. The FCG is obtained through static analysis of Operation Code (OpCode), and the deep learning model we used is the Long Short-Term Memory (LSTM). We conducted experiments on a dataset with 1796 Android malware samples classified into two categories (obtained from Virusshare and AndroZoo) and 1000 benign Android apps. Our experimental results showed that our proposed approach, with an accuracy of 97%, outperforms the state-of-the-art methods such as those proposed by Nikola et al. and Hou et al. (IJCAI-18), with accuracies of 97% and 91%, respectively. The time consumption of our proposed approach is less than that of the other two methods.
Keywords: Android malware detection; static analysis; OpCode-level FCG; deep learning; LSTM

MDPI and ACS Style

Niu, W.; Cao, R.; Zhang, X.; Ding, K.; Zhang, K.; Li, T. OpCode-Level Function Call Graph Based Android Malware Classification Using Deep Learning. Sensors 2020, 20, 3645.
