An Android Malware Detection Method Based on CNN Mixed-Data Model

EasyChair Preprint 4345
16 pages • Date: October 10, 2020

Abstract

The paper proposes an Android malware detection method based on a convolutional neural network mixed-data model. The data are represented by API method calls and a set of permissions of the Android app. Word2vec technology was used to represent API calls in a vector space, which creates semantically similar feature vectors for related API calls. To represent a set of permissions, each unique permission is encoded as a binary feature that indicates the presence or absence of that permission in the input sequence. The obtained sequence is then broken down into nibbles, and the "8421" code is applied, followed by normalization of the result. Both types of vectorized data are the inputs to the convolutional neural network.

The architecture of the proposed neural network consists of two separate parallel convolutional branches, each of which processes its own type of data, and the fully connected layers. The structure of both branches is the same: each branch contains two consecutive convolution layers, where the first layer maps the simple features that the second layer uses to represent higher-level behavioral patterns. After the convolution layers, a pooling layer is placed to reduce the dimension of the data. The outputs from both branches of the network are combined to form the input for the fully connected layers, which determine the probabilities that a suspicious app belongs to one of the classes: malware or benign.

Keyphrases: API calls, Android Malware, Convolution Neural Network, Permissions, word2vec
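
The permission encoding outlined in the abstract, as an added sketch that is not code from the paper. The permission vocabulary and its order, the zero-padding of the last nibble, reading "8421" as the bit weights of each nibble, and normalization by dividing by 15 are all assumptions, since the abstract does not specify them.

```python
# Added example: vectorizing an app's permission set as the abstract outlines.
# Assumed (not stated in the abstract): vocabulary order, zero-padding to a
# multiple of 4 bits, 8421 as per-nibble bit weights, division by 15.

# Constructed vocabulary: real Android permission names in an arbitrary order.
VOCAB = [
    "android.permission.INTERNET",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_PHONE_STATE",
]
WEIGHTS = (8, 4, 2, 1)  # the "8421" code: weight of each bit in a nibble


def presence_bits(requested, vocab=VOCAB):
    """One bit per vocabulary permission: 1 if the app requests it, else 0.
    Permissions outside the vocabulary are ignored."""
    requested = set(requested)
    return [1 if perm in requested else 0 for perm in vocab]


def nibble_values(bits):
    """Split the bit sequence into 4-bit groups and apply the 8421 weights."""
    padded = bits + [0] * (-len(bits) % 4)  # zero-pad the final nibble
    return [
        sum(w * b for w, b in zip(WEIGHTS, padded[i:i + 4]))
        for i in range(0, len(padded), 4)
    ]


def encode_permissions(requested, vocab=VOCAB):
    """Normalized nibble values in [0, 1], ready as input to a network branch."""
    return [v / 15.0 for v in nibble_values(presence_bits(requested, vocab))]


# Constructed sample: permissions as they might be parsed from a manifest.
SAMPLE = [
    "android.permission.INTERNET",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_PHONE_STATE",
    "com.example.permission.CUSTOM",  # not in the vocabulary, so dropped
]

if __name__ == "__main__":
    print(encode_permissions(SAMPLE))
```

Packing four permission bits into one value shortens the input fourfold, at the cost of making the result depend on the chosen vocabulary order.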