
Falcon: Malware Detection and Categorization with Network Traffic Images


Authors: Peng Xu, Claudia Eckert, and Apostolis Zarras
Year/month: 2021/
Booktitle: ICANN - The International Conference on Artificial Neural Networks
Fulltext: Falcon.pdf

Abstract

Android is the most dominant operating system in the mobile ecosystem, and it has become one of the favorite platforms for adversaries to discover new victims through malicious apps. Therefore, it is safe to admit that traditional anti-malware techniques have become cumbersome, sparking the urge to develop an efficient way to detect Android malware. In this paper, we present Falcon, an Android malware detection and categorization framework. We treat the network traffic classification task as a 2D image sequence classification and handle each network packet as a 2D image. Furthermore, we use a bidirectional LSTM network to process those converted 2D images to obtain the network vectors. We then utilize those converted vectors to detect and categorize the malware. Our results reveal that Falcon yields better results than other systems, as we get 97.16% accuracy on average for malware detection and 88.32% accuracy for malware categorization.

Bibtex:

@conference {
author = { Peng Xu and Claudia Eckert and Apostolis Zarras },
title = { Falcon: Malware Detection and Categorization with Network Traffic Images },
year = { 2021 },
booktitle = { ICANN - The International Conference on Artificial Neural Networks },
url = {https://www.sec.in.tum.de/i20/publications/falcon-malware-detection-and-categorization-with-network-traffic-images/@@download/file/Falcon.pdf}
}