Falcon: Malware Detection and Categorization with Network Traffic Images

Bibliographic Details
Published in: Artificial Neural Networks and Machine Learning – ICANN 2021, pp. 117-128
Main Authors: Xu, Peng; Eckert, Claudia; Zarras, Apostolis
Format: Book Chapter
Language: English
Published: Cham, Springer International Publishing
Series: Lecture Notes in Computer Science

Summary: Android is the most popular smartphone operating system. At the same time, miscreants have already created malicious apps to find new victims and infect them. Unfortunately, existing anti-malware procedures have become obsolete, and thus novel Android malware techniques are in high demand. In this paper, we present Falcon, an Android malware detection and categorization framework. More specifically, we treat the network traffic classification task as a 2D image sequence classification and handle each network packet as a 2D image. Furthermore, we use a bidirectional LSTM network to process the converted 2D images to obtain the network vectors. We then utilize those converted vectors to detect and categorize the malware. Our results reveal that Falcon could be an accurate and viable solution as we get 97.16% accuracy on average for the malware detection and 88.32% accuracy for the malware categorization.
ISBN: 9783030863616, 3030863611
ISSN: 0302-9743, 1611-3349
DOI: 10.1007/978-3-030-86362-3_10