Android Malware Detection Using BERT

Souani, Badr; Khanfir, Ahmed; Bartel, Alexandre; Allix, Kevin; Le Traon, Yves

doi:10.1007/978-3-031-16815-4_31

Reference : Android Malware Detection Using BERT


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/52627

Title :	Android Malware Detection Using BERT
Language :	English
Translated title :	[en] Android Malware Detection Using BERT
Author, co-author :	Souani, Badr [University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS) >]
	Khanfir, Ahmed [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal >]
	Bartel, Alexandre [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Allix, Kevin [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX >]
	Le Traon, Yves [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal >]
Publication date :	24-Sep-2022
Main document title :	Applied Cryptography and Network Security Workshops
Translated title :	[en] Applied Cryptography and Network Security Workshops
Author, co-author :	Jianying, Zhou
Publisher :	Springer
Collection and collection volume :	LNCS 13285
Pages :	575–591
Peer reviewed :	Yes
On invitation :	Yes
Audience :	International
ISBN :	978-3-031-16815-4
City :	Berlin
Country :	Germany
Event name :	ACNS 2022: Applied Cryptography and Network Security Workshops
Event date :	June 20–23, 2022
Event organizer :	ACNS
Event place (city) :	Rome
Event country :	Italy
Keywords :	[en] Security ; Artificial intelligence ; Android
Abstract :	[en] In this paper, we propose two empirical studies to (1) detect Android malware and (2) classify Android malware into families. We rst (1) reproduce the results of MalBERT using BERT models learning with Android application's manifests obtained from 265k applications (vs. 22k for MalBERT) from the AndroZoo dataset in order to detect malware. The results of the MalBERT paper are excellent and hard to believe as a manifest only roughly represents an application, we therefore try to answer the following questions in this paper. Are the experiments from MalBERT reproducible? How important are Permissions for mal- ware detection? Is it possible to keep or improve the results by reducing the size of the manifests? We then (2) investigate if BERT can be used to classify Android malware into families. The results show that BERT can successfully di erentiate malware/goodware with 97% accuracy. Further- more BERT can classify malware families with 93% accuracy. We also demonstrate that Android permissions are not what allows BERT to successfully classify and even that it does not actually need it.
Research centres :	Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Security Design and Validation Research Group (SerVal)
Funders :	University of Luxembourg - UL
Name of the research project :	Android malware detection using BERT
Target :	Researchers
Permalink :	http://hdl.handle.net/10993/52627
DOI :	10.1007/978-3-031-16815-4_31
Other URL :	https://link.springer.com/chapter/10.1007/978-3-031-16815-4_31

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	BERT_Manifest_Article.pdf		Author preprint	261.27 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices