Abstract:
During the last decade, Android malware detection has ever preoccupied researchers. The rhythm of creation of sophisticated malicious techniques obliges researchers to look for robust countermeasures. Singular Vector Decomposition (SVD) is a powerful
in signal processing for image compression. Unlike image-based deep learning detection that directly take images made of .dex properties, SVD-based processing of images is investigated in this work to recognize maliciousness. For that, we associate n-gram for completeness of properties extraction and Simhash for uniqueness of application signatures. SVDroid is proposed to transform applications based on n-gram and Simhash into 32 x 32 grayscale images, then to apply SVD to only remain with valuable features. Machine and deep learning algorithms are applied to automatically extract knowledge to profile applications. Experiments have been conducted on 135 malware and 135 benign applications. Results reveal that the association n-gram, Simhash along with the learning algorithm process positively contributes to the profiling. CNN outperforms six machine learning algorithms with an accuracy of 88.55% and an AUC of 93.45% on average. A study demonstrates that SVDroid is able to improve CNN-based image processing approaches. Exploitation of compression techniques such as SVD should be further studied in mobile malware detection.