Droid Detector:Android Malware Characterization and Detection Using Deep Learning  被引量：37

作　　者：Zhenlong Yuan Yongqiang Lu Yibo Xue 

机构地区：[1]Department of Automation and Research Institute of Information Technology (RIIT),Tsinghua University [2]Department of Antivirus,Baidu Inc. [3]Research Institute of Information Technology (RIIT) and Tsinghua National Lab for Information Science and Technology (TNList),Tsinghua University

出　　处：《Tsinghua Science and Technology》2016年第1期114-123,共10页清华大学学报（自然科学版（英文版）

摘　　要：Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares are hidden in a large number of benign apps in Android markets that seriously threaten Android security. Deep learning is a new area of machine learning research that has gained increasing attention in artificial intelligence. In this study, we propose to associate the features from the static analysis with features from dynamic analysis of Android apps and characterize malware using deep learning techniques. We implement an online deep-learning-based Android malware detection engine（Droid Detector） that can automatically detect whether an app is a malware or not. With thousands of Android apps, we thoroughly test Droid Detector and perform an indepth analysis on the features that deep learning essentially exploits to characterize malware. The results show that deep learning is suitable for characterizing Android malware and especially effective with the availability of more training data. Droid Detector can achieve 96.76% detection accuracy, which outperforms traditional machine learning techniques. An evaluation of ten popular anti-virus softwares demonstrates the urgency of advancing our capabilities in Android malware detection.Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares are hidden in a large number of benign apps in Android markets that seriously threaten Android security. Deep learning is a new area of machine learning research that has gained increasing attention in artificial intelligence. In this study, we propose to associate the features from the static analysis with features from dynamic analysis of Android apps and characterize malware using deep learning techniques. We implement an online deep-learning-based Android malware detection engine（Droid Detector） that can automatically detect whether an app is a malware or not. With thousands of Android apps, we thoroughly test Droid Detector and perform an indepth analysis on the features that deep learning essentially exploits to characterize malware. The results show that deep learning is suitable for characterizing Android malware and especially effective with the availability of more training data. Droid Detector can achieve 96.76% detection accuracy, which outperforms traditional machine learning techniques. An evaluation of ten popular anti-virus softwares demonstrates the urgency of advancing our capabilities in Android malware detection.

关 键 词：Android security malware detection characterization deep learning association rules mining 

分 类 号：TP316[自动化与计算机技术—计算机软件与理论] TP309[自动化与计算机技术—计算机科学与技术]