Android Malware Familial Classification Based on DEX File Section Features

Bibliographic Details
Main Authors: Yong Fang, Yangchen Gao, Fan Jing, Lei Zhang
Format: Article
Language: English
Published: IEEE 2020-01-01
Series: IEEE Access
Subjects: Android malware family; DEX file section; multiple kernel learning
Online Access: https://ieeexplore.ieee.org/document/8955840/
ISSN: 2169-3536
Volume: 8
Pages: 10614-10627
DOI: 10.1109/ACCESS.2020.2965646
Authors and affiliations:
Yong Fang (https://orcid.org/0000-0003-0708-1686), College of Cybersecurity, Sichuan University, Chengdu, China
Yangchen Gao (https://orcid.org/0000-0003-2867-5934), College of Cybersecurity, Sichuan University, Chengdu, China
Fan Jing (https://orcid.org/0000-0001-9133-1742), College of Cybersecurity, Sichuan University, Chengdu, China
Lei Zhang (https://orcid.org/0000-0001-8074-906X), College of Cybersecurity, Sichuan University, Chengdu, China
Description: The rapid proliferation of Android malware is challenging the classification of the Android malware family. The traditional static method for classification is easily affected by the confusion and reinforcement, while the dynamic method is expensive in computation. To solve these problems, this paper proposes an Android malware familial classification method based on Dalvik Executable (DEX) file section features. First, the DEX file is converted into RGB (Red/Green/Blue) image and plain text respectively, and then, the color and texture of image and text are extracted as features. Finally, a feature fusion algorithm based on multiple kernel learning is used for classification. In this experiment, the Android Malware Dataset (AMD) was selected as the sample set. Two different comparative experiments were set up, and the method in this paper was compared with the common visualization method and feature fusion method. The results show that our method has a better classification effect with precision, recall and F1 score reaching 0.96. Besides, the time of feature extraction in this paper is reduced by 2.999 seconds compared with the method of frequent subsequence. In conclusion, the method proposed in this paper is efficient and precise in the classification of the Android malware family.