Flexible Android Malware Detection Model based on Generative Adversarial Networks with Code Tensor

TL;DR

This paper introduces a novel Android malware detection approach using GANs and code tensor techniques, effectively identifying malware variants and improving detection robustness by generating diverse malicious samples.

Contribution

The paper presents a new malware detection model combining GANs with code tensor analysis, enhancing detection of malware variants and enriching training data.

Findings

Maximum detection efficiency improved by 41.6%

Generated samples increase data diversity significantly

Retraining with generated samples boosts robustness

Abstract

The behavior of malware threats is gradually increasing, heightened the need for malware detection. However, existing malware detection methods only target at the existing malicious samples, the detection of fresh malicious code and variants of malicious code is limited. In this paper, we propose a novel scheme that detects malware and its variants efficiently. Based on the idea of the generative adversarial networks (GANs), we obtain the `true' sample distribution that satisfies the characteristics of the real malware, use them to deceive the discriminator, thus achieve the defense against malicious code attacks and improve malware detection. Firstly, a new Android malware APK to image texture feature extraction segmentation method is proposed, which is called segment self-growing texture segmentation algorithm. Secondly, tensor singular value decomposition (tSVD) based on the low-tubal rank transforms malicious features with different sizes into a fixed third-order tensor uniformly, which is entered into the neural network for training and learning. Finally, a flexible Android malware detection model based on GANs with code tensor (MTFD-GANs) is proposed. Experiments show that the proposed model can generally surpass the traditional malware detection model, with a maximum improvement efficiency of 41.6\%. At the same time, the newly generated samples of the GANs generator greatly enrich the sample diversity. And retraining malware detector can effectively improve the detection efficiency and robustness of traditional models.