Android Malware Detection: Looking beyond Dalvik Bytecode
Tiezhu Sun, N. Daoudi, Kevin Allix, Tegawendé F. Bissyandé
2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW)
Publication date: 2021-11-01
DOI: 10.1109/ASEW52652.2021.00019 (https://doi.org/10.1109/ASEW52652.2021.00019)
Citation count: 8 (Semanticscholar)
Machine learning has been widely employed in the literature of malware detection because it is adapted to the need for scalability in vetting large-scale samples of Android. Feature engineering has therefore been the key focus for research advances. Recently, a new research direction that builds on the momentum of Deep Learning for computer vision has produced promising results with image representations of Android bytecode. In this work, we postulate that other artifacts such as the binary (native) code and metadata/configuration files could be looked at to build more exhaustive representations of Android apps. We show that binary code and metadata files can also provide relevant information for Android malware detection, i.e., that they make it possible to detect malware that is not detected by models built only on bytecode. Furthermore, we investigate the potential benefits of combining all these artifacts into a unique representation with a strong signal for reasoning about maliciousness.