Android Malware Familial Classification Based on DEX File Section Features
The rapid proliferation of Android malware is challenging the classification of the Android malware family. The traditional static method for classification is easily affected by the confusion and reinforcement, while the dynamic method is expensive in computation. To solve these problems, this pape...
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
IEEE
2020-01-01
|
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/8955840/ |
id |
doaj-ee701527baa84ac6abfc6d308d17ab70 |
---|---|
record_format |
Article |
spelling |
doaj-ee701527baa84ac6abfc6d308d17ab702021-03-30T03:14:17ZengIEEEIEEE Access2169-35362020-01-018106141062710.1109/ACCESS.2020.29656468955840Android Malware Familial Classification Based on DEX File Section FeaturesYong Fang0https://orcid.org/0000-0003-0708-1686Yangchen Gao1https://orcid.org/0000-0003-2867-5934Fan Jing2https://orcid.org/0000-0001-9133-1742Lei Zhang3https://orcid.org/0000-0001-8074-906XCollege of Cybersecurity, Sichuan University, Chengdu, ChinaCollege of Cybersecurity, Sichuan University, Chengdu, ChinaCollege of Cybersecurity, Sichuan University, Chengdu, ChinaCollege of Cybersecurity, Sichuan University, Chengdu, ChinaThe rapid proliferation of Android malware is challenging the classification of the Android malware family. The traditional static method for classification is easily affected by the confusion and reinforcement, while the dynamic method is expensive in computation. To solve these problems, this paper proposes an Android malware familial classification method based on Dalvik Executable (DEX) file section features. First, the DEX file is converted into RGB (Red/Green/Blue) image and plain text respectively, and then, the color and texture of image and text are extracted as features. Finally, a feature fusion algorithm based on multiple kernel learning is used for classification. In this experiment, the Android Malware Dataset (AMD) was selected as the sample set. Two different comparative experiments were set up, and the method in this paper was compared with the common visualization method and feature fusion method. The results show that our method has a better classification effect with precision, recall and F1 score reaching 0.96. Besides, the time of feature extraction in this paper is reduced by 2.999 seconds compared with the method of frequent subsequence. In conclusion, the method proposed in this paper is efficient and precise in the classification of the Android malware family.https://ieeexplore.ieee.org/document/8955840/Android malware familyDEX file sectionmultiple kernel learning |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Yong Fang Yangchen Gao Fan Jing Lei Zhang |
spellingShingle |
Yong Fang Yangchen Gao Fan Jing Lei Zhang Android Malware Familial Classification Based on DEX File Section Features IEEE Access Android malware family DEX file section multiple kernel learning |
author_facet |
Yong Fang Yangchen Gao Fan Jing Lei Zhang |
author_sort |
Yong Fang |
title |
Android Malware Familial Classification Based on DEX File Section Features |
title_short |
Android Malware Familial Classification Based on DEX File Section Features |
title_full |
Android Malware Familial Classification Based on DEX File Section Features |
title_fullStr |
Android Malware Familial Classification Based on DEX File Section Features |
title_full_unstemmed |
Android Malware Familial Classification Based on DEX File Section Features |
title_sort |
android malware familial classification based on dex file section features |
publisher |
IEEE |
series |
IEEE Access |
issn |
2169-3536 |
publishDate |
2020-01-01 |
description |
The rapid proliferation of Android malware is challenging the classification of the Android malware family. The traditional static method for classification is easily affected by the confusion and reinforcement, while the dynamic method is expensive in computation. To solve these problems, this paper proposes an Android malware familial classification method based on Dalvik Executable (DEX) file section features. First, the DEX file is converted into RGB (Red/Green/Blue) image and plain text respectively, and then, the color and texture of image and text are extracted as features. Finally, a feature fusion algorithm based on multiple kernel learning is used for classification. In this experiment, the Android Malware Dataset (AMD) was selected as the sample set. Two different comparative experiments were set up, and the method in this paper was compared with the common visualization method and feature fusion method. The results show that our method has a better classification effect with precision, recall and F1 score reaching 0.96. Besides, the time of feature extraction in this paper is reduced by 2.999 seconds compared with the method of frequent subsequence. In conclusion, the method proposed in this paper is efficient and precise in the classification of the Android malware family. |
topic |
Android malware family DEX file section multiple kernel learning |
url |
https://ieeexplore.ieee.org/document/8955840/ |
work_keys_str_mv |
AT yongfang androidmalwarefamilialclassificationbasedondexfilesectionfeatures AT yangchengao androidmalwarefamilialclassificationbasedondexfilesectionfeatures AT fanjing androidmalwarefamilialclassificationbasedondexfilesectionfeatures AT leizhang androidmalwarefamilialclassificationbasedondexfilesectionfeatures |
_version_ |
1724183927649730560 |