stodi1 / malwaresdetection

malwaresdetection

This project is a behavioral malware detection tool for Android applications.

Introduction

This project aims to classify Android applications as Malware or Goodware using a Convolutional Neural Network (CNN) model. It is a two-step process: first, a learning phase is executed to learn from a Goodware and Malware dataset; the trained model is then used for detection.

Learning phase

In this phase, we provide three scripts: one for analysing applications, one for formatting the results, and one for the learning process.

Analysing

In the first step, we use a Bash script that interacts with an Android emulator (Genymotion) to install and execute the application and simulate pseudo-random events in it, while simultaneously listening for the generated system calls. These system calls (SCs) are saved in a separate file and pulled from the machine.

Formatting results

After the analysis, we format the resulting system calls from all the applications as a matrix that holds the distances between them (see the research paper below for more information). This format is similar to the pixel format of a picture; hence, we used the CNN algorithm, which is used for classifying images.
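One possible encoding of such a matrix, as an added example that is not the project's own code. It assumes strace-style trace lines, a fixed six-call vocabulary (`VOCAB`), a cap (`CAP`), and "distance" taken as the smallest gap between two calls in a trace; the metric the project actually uses is the one defined in the paper. All names and the sample trace are constructed for illustration.

```python
import re

# Assumed fixed vocabulary: one row/column per syscall, so every app yields
# a matrix of the same shape, as a CNN input requires.
VOCAB = ["openat", "read", "write", "close", "ioctl", "mmap"]
CAP = 8  # assumed: pairs never seen, or CAP or more calls apart, count as "far"

# strace -f style line: optional pid prefix, then "name(args) = ret"
LINE_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?([a-z_0-9]+)\(")

# Constructed sample trace (not captured from a real application).
SAMPLE = [
    '[pid  4121] openat(AT_FDCWD, "/data/app/base.apk", O_RDONLY) = 31',
    '[pid  4121] read(31, "PK", 4096) = 4096',
    '[pid  4121] mmap(NULL, 8192, PROT_READ, MAP_PRIVATE, 31, 0) = 0x7f1c000',
    '[pid  4121] <... read resumed>) = 0',
    '[pid  4121] close(31) = 0',
    '--- SIGCHLD {si_signo=SIGCHLD} ---',
    '[pid  4121] ioctl(9, BINDER_WRITE_READ, 0x7ffd1c) = 0',
    '[pid  4121] write(12, "x", 1) = 1',
]

def parse_trace(lines):
    """Ordered syscall names; signal lines and 'resumed' fragments are skipped."""
    seq = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m.group(1) in VOCAB:
            seq.append(m.group(1))
    return seq

def distance_matrix(seq):
    """cell[a][b] = smallest gap (in calls) from an `a` to a later `b`, capped at CAP."""
    idx = {name: i for i, name in enumerate(VOCAB)}
    dist = [[CAP] * len(VOCAB) for _ in VOCAB]
    last_seen = {}  # syscall name -> position of its most recent occurrence
    for pos, name in enumerate(seq):
        for prev, prev_pos in last_seen.items():
            gap = pos - prev_pos
            if gap < dist[idx[prev]][idx[name]]:
                dist[idx[prev]][idx[name]] = gap
        last_seen[name] = pos
    return dist

def to_pixels(dist):
    """Grayscale 0-255: adjacent calls are brightest, far or absent pairs are black."""
    return [[round(255 * (CAP - d) / (CAP - 1)) if d < CAP else 0 for d in row] for row in dist]

if __name__ == "__main__":
    for row in to_pixels(distance_matrix(parse_trace(SAMPLE))):
        print(row)
```
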

Learning

We used a CNN algorithm to extract the features from our data and obtain a well-trained model. I have an already trained model that I can provide if you wish. Our model has an accuracy of 93%.

Detection

Once our model is trained, we can use it to classify new samples and get instant results.

More information

A research paper has been published on our work; you can find it at this link: https://ieeexplore.ieee.org/abstract/document/8902627

Languages

Python 80.8%, Shell 19.2%