Litcius/Paper detail

Android Malware Detection: Looking beyond Dalvik Bytecode

Tiezhu Sun, Nadia Daoudi, Kevin Allix, Tegawendé F. Bissyandé

202123 citationsDOIOpen Access PDF

Abstract

Machine learning has been widely employed in the literature of malware detection because it is adapted to the need for scalability in vetting large scale samples of Android. Feature engineering has therefore been the key focus for research advances. Recently, a new research direction that builds on the momentum of Deep Learning for computer vision has produced promising results with image representations of Android byte-code. In this work, we postulate that other artifacts such as the binary (native) code and metadata/configuration files could be looked at to build more exhaustive representations of Android apps. We show that binary code and metadata files can also provide relevant information for Android malware detection, i.e., that they can allow to detect Malware that are not detected by models built only on bytecode. Furthermore, we investigate the potential benefits of combining all these artifacts into a unique representation with a strong signal for reasoning about maliciousness.

Topics & Concepts

BytecodeComputer scienceAndroid (operating system)MalwareMetadataScalabilityOpcodeMachine codeArtificial intelligenceMachine learningOperating systemVirtual machineCompilerAdvanced Malware Detection TechniquesSoftware Testing and Debugging TechniquesDigital and Cyber Forensics