Detecting Unknown Malware on Android by Machine Learning Using the Feature of Dalvik Operation Code
- DOI
- 10.2991/icacie-17.2017.12How to use a DOI?
- Keywords
- malicious; Dalvik operation code; detection
- Abstract
The recent growth in network usage has motivated the creation of new malicious code for various purposes, including economic ones. Today's signature-based anti-viruses are very accurate, but cannot detect new malicious code. Recently, classification algorithms were employed successfully for the detection of unknown malicious code. However, most of the studies use byte sequence n-gram representation of the binary code of the executable files on windows. We propose the use of Dalvik Operation Code on Android, generated by disassembling the application. We then use n-gram of the operation code as features for the classification process. We present a full methodology for the detection of unknown malicious code, based on text categorization concepts. The experiment results show that the method results are in a high accuracy rate.
- Copyright
- © 2017, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF AU - Quanmin Wang AU - Zhenguo Li AU - Shuang Zheng AU - Shi Gu AU - Yanfeng Sun AU - Kaiyang Wang PY - 2017/08 DA - 2017/08 TI - Detecting Unknown Malware on Android by Machine Learning Using the Feature of Dalvik Operation Code BT - Proceedings of the 2017 2nd International Conference on Automatic Control and Information Engineering (ICACIE 2017) PB - Atlantis Press SP - 53 EP - 57 SN - 2352-5401 UR - https://doi.org/10.2991/icacie-17.2017.12 DO - 10.2991/icacie-17.2017.12 ID - Wang2017/08 ER -