Android Malware Detection Based on Program Genes

Abstract

The security issues with mobile devices have received more attention as a result of the development of mobile Internet technology and the adoption of mobile intelligent terminal devices. It is becoming more crucial to quickly and effectively identify and remove harmful applications from systems in order to protect user data and personal devices. The Dalvik bytecode, permission applications, and system calls of Android apps are the main targets of the current Android malware analysis approaches. However, in recent years, an increasing amount of Android malware conceals harmful code in native code. The method for using program gene technology to identify malware on the Android platform is presented in this research. This method extracts executable library files from the Native layer binary executable files of Android programs and disassembles the library files to obtain program genes. Then, the programs' genes perform feature screening by the information gain method and next use Word2Vec to express the semantic abstraction of the screened features. Finally, the screened features were used in deep neural network models for training and detection. The experimental results demonstrate that compared with KNN, SVM, and other machine learning algorithms, the deep neural network model is more effective and the detection accuracy reaches up to 97.51%. Thus, it confirmed the feasibility of the Android malicious program detection method based on program genes in this paper.