Android malware detection method based on bytecode image

Traditional machine learning based malware detection methods often use decompiling techniques or dynamic monitoring techniques to extract the feature representation of malware. This procedure is time consuming and strongly depends on the skills of experts. In addition, malware can be packed or encrypted to evade the analysis of decompiling tools. To solve this issue, we propose a static detection method based on deep learning. We directly extract bytecode file from Android APK file, and convert the bytecode file into a two-dimensional bytecode matrix, then use the deep learning algorithm, convolution neural network (CNN), to train a detection model and apply it to classify malware. CNN can automatically learn features of bytecode file which can be used to recognize malware. The proposed detection model avoids the procedure for analyzing malware features and designing the feature representation of malware. The experimental results show the proposed method is effective to detect malware, especially malware encrypted using polymorphic techniques.