Jadeite: A novel image-behavior-based approach for Java malware detection using deep learning

Abstract

Java malware exploiting language vulnerabilities has become increasingly prevalent in the recent past. Since Java is a platform-independent language, these security threats open up the opportunity for multi-platform exploitation. Although security researchers continuously develop different approaches for protecting against Java malware programs, the presence of complicated Java malware properties, such as code obfuscation, makes these malware programs fly under the radar. These challenges present the need to develop new approaches that are resilient to such properties. This article presents Jadeite, a novel approach for detecting Java bytecode malware programs using static analysis and recent advancements in the image-based, deep-learning classification space. In particular, Jadeite extracts the Interprocedural Control Flow Graph (ICFG) from a given Java bytecode file and then prunes the ICFG and converts it into an adjacency matrix. Finally, Jadeite constructs a grayscale image from this matrix. We leverage an object detection algorithm in a deep Convolutional Neural Network (CNN) classifier to determine maliciousness. Also, Jadeite extracts an additional set of features from the Java malware program to improve the accuracy of malware classification. These features are consolidated with the extracted images and used as inputs to the CNN classifier. Experimental results demonstrate that Jadeite achieves high accuracy (98.4%) compared to other Java malware detection approaches and is capable of detecting both known and previously-unseen real-world malicious Java programs.