DroidGene: Detecting Android Malware Using Its Malicious Gene

Abstract

Android is the most popular smartphone operating system in the world thanks to its openness, which also attracts many Android malware writers. It is really a big challenge for the various Android markets to filter out malware accurately and quickly before provisioning a large number of APPs. Many handcraft feature-based detection solutions had been proposed for solving this problem. But the malware writers can always find ways to change the features while maintaining the malware’ malicious semantic. Inspired by the findings in biology, we advocate identifying Android APPs’ genes that are responsible for the malicious behaviors. Based on this idea, we proposed a new method called DroidGene, which treats calling sequences and permissions as DNA, and using elaborately designed LSTM to find APPs’ malicious genes. The result of experiments on 16,200 Android samples shows that both the accuracy (99.1%) and the detection time (0.36 s) of DroidGene are superior to the state-of-the-art method.