Android Dynamic Malware Detection Method Based on System Call Sequences

Bibliographic Details
Published in: 2024 9th International Conference on Intelligent Computing and Signal Processing (ICSP), pp. 275-279
Main Authors: Liu, Xiaojian; Zhang, Yifei; Duan, Yaoyao; Hou, Beibei
Format: Conference Proceeding
Language: English
Published: IEEE, 19.04.2024
Summary: With the continuous evolution of the types and attack strategies of Android malware, the methods for detecting them must also innovate and evolve. Although existing dynamic detection methods mostly rely on machine learning, they still face numerous challenges in accurately identifying malicious software features. In order to more efficiently detect Android malware, this paper proposes an Android malware detection method based on the CNN-LSTM model. This method uses Strace to capture system call sequence logs and selects certain function parameters from the system calls to construct feature vectors. Finally, a CNN-LSTM model is employed for training and classification. Experimental analysis shows that compared to other machine learning methods and traditional CNN and LSTM networks, the classification performance of the CNN-LSTM model shows the best performance in all evaluation indicators.
DOI: 10.1109/ICSP62122.2024.10744001