Android malware detection framework based on sensitive opcodes and deep reinforcement learning

Abstract

Malware attack is a growing problem on the Android mobile platform due to its popularity and openness. Although numerous malware detection approaches have been proposed, it still remains challenging for malware detection due to a large amount of constantly mutating apps. The opcode, as the most fundamental part of Android app, possesses good resistance against obfuscation and Android version updates. Due to the large number of opcodes, most opcode-based methods employ statistical-based feature selection, which disrupts the correlation and semantic information among opcodes. In this paper, we propose an Android malware detection framework based on sensitive opcodes and deep reinforcement learning. Firstly, we extract sensitive opcode fragments based on sensitive elements and then encode the features using n-gram. Next, we use deep reinforcement learning to select the optimal subset of features. During the process of handling opcodes, we focus on preserving semantic information and the correlation among opcodes. Finally, our experimental results show an accuracy of 0.9670 by using the 25 opcode features we obtained.