IIT Home Page CNR Home Page

Android malware detection based on system call sequences and LSTM

As Android-based mobile devices become increasingly popular, malware detection on Android is very crucial nowadays. In this paper, a novel detection method based on deep learning is proposed to distinguish malware from trusted applications. Considering there is some semantic information in system call sequences as the natural language, we treat one system call sequence as a sentence in the language and construct a classifier based on the Long Short-Term Memory (LSTM) language model. In the classifier, at first two LSTM models are trained respectively by the system call sequences from malware and those from benign applications. Then according to these models, two similarity scores are computed. Finally, the classifier determines whether the application under analysis is malicious or trusted by the greater score. Thorough experiments we show that our approach can achieve high efficiency and reach high recall of 96.6% with low False Positive Rate (FPR) of 9.3%, which is better than the other methods.

Multimedia Tools and Applications, 2017

Autori esterni: Xi Xiao (Graduate School At Shenzhen, Tsinghua University), Shaofeng Zhang (Graduate School At Shenzhen, Tsinghua University), Guangwu Hu (School of Computer Science, Shenzhen Institute of Information Technology), Arun Kumar Sangaiah (School of Computing Science and Engineering, VIT University)
Autori IIT:

Tipo: Contributo in rivista ISI
Area di disciplina: Computer Science & Engineering

File: MTAP-Xiao.pdf

Attività: Sicurezza di dispositivi mobili