Abstract
Because of its openness and flexibility, Android has become the most popular mobile platform. However, it has also become the system most targeted by mobile malware, so users need a fast and reliable detection method. In this paper, a two-layer method is proposed to detect malware in Android APPs. The first layer is a static malware detection model based on permission, intent and component information. It combines these static features with a fully connected neural network to detect malware, and its effectiveness is tested experimentally: the detection rate of the first layer is 95.22%. The result of the first layer (the APPs it classifies as benign) is then input into the second layer. In the second layer, a new method, CACNN, which cascades a CNN and an AutoEncoder, is used to detect malware through the network traffic features of APPs. The detection rate of the second layer is 99.3% in binary classification (2-classifier). Moreover, the new two-layer model can also detect malware by its category (4-classifier) and malicious family (40-classifier), with detection rates of 98.2% and 71.48% respectively. The experimental results show that our two-layer method not only can achieve semi-supervised learning, but also can effectively improve the detection rate of malicious Android APPs.
Highlights
In recent years, smartphones and tablets have been integrated into every aspect of people’s lives.
Our experimental results show that combining network traffic features with the cascading deep learning method CACNN can effectively identify malicious software in Android APPs.
Lashkari et al. [29] propose an Android malware detection model based on a new network traffic feature set to improve the efficiency of the traffic classifier.
Summary
Smartphones and tablets have been integrated into every aspect of people’s lives. People can download popular mobile APPs that access the internet via Android for more personalized or complicated tasks, such as social network APPs, studying APPs, gaming APPs, information exchange APPs, financial transaction APPs and cloud storage APPs. These various APPs generate huge amounts of mobile traffic data, which contain highly sensitive information. Because effective verification methods are lacking, malware developers can use multiple methods to evade the detection provided by Android sandboxing or other existing antivirus mechanisms and upload their malicious APPs to the market, even Google’s official market. These evasion methods include dynamic execution, code obfuscation, repackaging and encryption [43]. Our experimental results show that combining network traffic features with the cascading deep learning method CACNN can effectively identify malicious software in Android APPs. 3) Two-layer detection model.
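The static features of the first layer and the hand-off to the second layer can be sketched as follows. This is an added example, not the paper's code: the manifest is constructed, the vocabularies and the binary/count encoding are assumptions, and `layer1` and `layer2` are hypothetical stand-ins for the trained fully connected network and CACNN.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample: a decoded (text) AndroidManifest.xml. Manifests inside an
# APK are binary XML and must be decoded first; for untrusted files a hardened
# parser such as defusedxml is preferable to the stdlib one used here.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <activity android:name=".Main">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <receiver android:name=".Boot">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <service android:name=".Sync"/>
  </application>
</manifest>"""

def extract_static_features(manifest_xml):
    """Return (permissions, intent actions, component counts) from a manifest."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    intents = {e.get(ANDROID_NS + "name") for e in root.iter("action")}
    components = {t: len(list(root.iter(t))) for t in COMPONENT_TAGS}
    return perms - {None}, intents - {None}, components

def to_vector(features, perm_vocab, intent_vocab):
    """Encode features as a fixed-length vector (assumed encoding):
    one 0/1 slot per vocabulary entry, then one count per component type."""
    perms, intents, components = features
    vec = [1.0 if p in perms else 0.0 for p in perm_vocab]
    vec += [1.0 if i in intents else 0.0 for i in intent_vocab]
    vec += [float(components[t]) for t in COMPONENT_TAGS]
    return vec

def two_layer_verdict(static_vec, traffic_vec, layer1, layer2):
    """Cascade from the abstract: only APPs the static layer calls benign
    are passed on to the traffic layer. Returns (label, deciding layer)."""
    if layer1(static_vec) == "malware":
        return "malware", 1
    return layer2(traffic_vec), 2
```
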