Android Malware Detection Based on System Calls Analysis and CNN Classification

Android is the most used mobile operating system in the world with two billion monthly active users in May 2017 [1]. Provided by Google, to be used on a multitude of smartphones, tablets and other connected objects. It allows the installation of a variety of applications for messaging, calling, news or video games. This multitude of applications facilitate the user's life and make the device a database rich in personal information such as phone number, emails, messages, confidential correspondence, etc., serving also as a good information repository for hackers. This gives rise to a wave of malignity, using suspicious applications, usually for profit (surcharged messages, sale of personal information or even tools of pressure and threat), or to satisfy personal desires (curiosity, vandalism...). Our solution proposes a behavioral dynamic analysis of the applications likely to be a source of malignancy. The application will be sent towards a distant server through a user-friendly and simple to use interface. It will be installed and executed with a simulation of a human use. After execution, system calls generated by the Linux kernel are collected, processed, and provided to the neural network model that will be used to predict whether the analyzed applications are malware or goodware. This model is built and refined using an APK database varied between goodware and malware. We used a neural network for automatic learning, and more precisely the Convolutional Neural Network (CNN). Our method uses matrix representation of collected system calls and input to the CNN model, a less expensive representation in memory space and therefore accelerate the process of learning.