An effective end-to-end android malware detection method

Android has rapidly become the most popular mobile operating system because of its open source, rich hardware selectivity, and millions of applications (Apps). Meanwhile, the open source of Android makes it the main target of malware. Malware detection methods based on manual features are easily bypassed by confusing technologies and are suffering from low code coverage. Thus, we propose an automated extraction method without any manual expert intervention. Specifically, we characterize the vital parts of the Dalvik executable (Dex) to an RGB (Red/Green/Blue) image. Furthermore, we propose a novel convolutional neural network (CNN) variant with diverse receptive fields using max pooling and average pooling simultaneously (MADRF), named MADRF-CNN, which can capture the dependencies between different parts of the image (transferred from the Dex file) by capitalizing on multi-scale context information. To evaluate the effectiveness of the proposed method, we conducted extensive experiments and our experimental results showed that the Accuracy of our method is 96.9%, which is much better than state-of-the-art solutions.

Automated summary

Android has become the most popular mobile operating system due to its open source nature, wide hardware compatibility, and vast application ecosystem. However, its open source nature also makes it a prime target for malware. Existing manual feature-based malware detection methods lack effectiveness and code coverage. To address this, we propose an automated extraction method that characterizes crucial parts of the Dalvik executable into RGB images. Additionally, we introduce MADRF-CNN, a novel CNN variant that incorporates multi-scale context information to capture dependencies between different parts of the image derived from the Dex file. Experimental results demonstrate that our method achieves an accuracy of 96.9%, outperforming state-of-the-art solutions.