Cyber Code Intelligence for Android Malware Detection.pdf
- 1. Cyber Code Intelligence for Android Malware Detection Abstract Evolving Android malware poses a severe security threat to mobile users, and machine-learning (ML)-based defense techniques attract active research. Due to the lack of knowledge, many zero undetected until the classifier ga ML-based methods will take a long time to learn new malware families in the latest malware family landscape. Existing ML detection and classification methods struggle with the fast evolutio malware landscape, particularly in terms of the emergence of zero malware families and limited representation of single article, a new multiview feature intelligence (MFI) framework is developed to learn the representation of a targeted capability from known malware families for recognizing unknown and evolving malware with the same capability. The new framework performs reverse engineering to extract multiview Cyber Code Intelligence for Android Malware Detection Evolving Android malware poses a severe security threat to mobile users, and based defense techniques attract active research. Due to the lack of knowledge, many zero-day families’ malware may remain undetected until the classifier gains specialized knowledge. The most existing based methods will take a long time to learn new malware families in the latest malware family landscape. Existing ML-based Android malware detection and classification methods struggle with the fast evolutio malware landscape, particularly in terms of the emergence of zero malware families and limited representation of single-view features. In this article, a new multiview feature intelligence (MFI) framework is developed to on of a targeted capability from known malware families for recognizing unknown and evolving malware with the same capability. The new framework performs reverse engineering to extract multiview Cyber Code Intelligence for Android Evolving Android malware poses a severe security threat to mobile users, and based defense techniques attract active research. Due day families’ malware may remain ins specialized knowledge. The most existing based methods will take a long time to learn new malware families in the based Android malware detection and classification methods struggle with the fast evolution of the malware landscape, particularly in terms of the emergence of zero-day view features. In this article, a new multiview feature intelligence (MFI) framework is developed to on of a targeted capability from known malware families for recognizing unknown and evolving malware with the same capability. The new framework performs reverse engineering to extract multiview
- 2. heterogeneous features, including semantic string features, API call graph features, and smali opcode sequential features. It can learn the representation of a targeted capability from known malware families through a series of processes of feature analysis, selection, aggregation, and encoding, to detect unknown Android malware with shared target capability. We create a new dataset with ground-truth information regarding capability. Many experiments are conducted on the new dataset to evaluate the performance and effectiveness of the new method. The results demonstrate that the new method outperforms three state-of-the-art methods, including: 1) Drebin; 2) MaMaDroid; and 3) N -opcode, when detecting unknown Android malware with targeted capabilities.