Journal Article Details
The International Arab Journal of Information Technology
Mining Android Bytecodes through the Eyes of Gabor Filters for Detecting Malware
article
Shahid Alam [1], Alper Kamil Demir [1]
[1] Department of Computer Engineering, Adana Alparslan Turkes Science and Technology University
Keywords: Android bytecode; malware analysis and detection; sliding window; Gabor filters; Gabor features; machine learning
DOI: 10.34028/iajit/20/2/4
Subject classification: Computer Science (General)
Source: Zarqa University
【 Abstract 】

One of the basic characteristics of a Gabor filter is that it provides useful information about specific frequencies in a localized region. Such information can be used in locating snippets of code, i.e., localized code, in a program when transformed into an image for finding embedded malicious patterns. Keeping this phenomenon in mind, we propose a novel technique using a sliding Window over Gabor filters for mining the Dalvik Executable (DEX) bytecodes of an Android application (APK) to find malicious patterns. We extract the structural and behavioral functionality and localized information of an APK through Gabor filtered images of the 2D grayscale image of the DEX bytecodes. A Window is slid over these features and a weight is assigned based on its frequency of use. The selected Windows whose weights are greater than a given threshold are used for training a classifier to detect malware APKs. Our technique does not require any disassembly or execution of the malware program and hence is much safer and more accurate. To further improve feature selection, we apply a greedy optimization algorithm to find the best performing feature subset. The proposed technique, when tested using real malware and benign APKs, obtained a detection rate of 98.9% with 10-fold cross-validation.

【 License 】

Unknown   
