Deep Android Malware Detection

Niall McLaughlin, Jesus Martinez del Rincon, BooJoong Kang, Suleiman Yerima, Paul Miller, Sakir Sezer, Yeganeh Safaeisemnani, Erik Trickel, Ziming Zhao, Adam Doupé, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

377 Citations (Scopus)
8670 Downloads (Pure)


In this paper, we propose a novel Android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence, thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram-based malware detection methods, as the network is trained end-to-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram-like features, not computationally feasible with existing methods. Once trained, the network can be efficiently executed on a GPU, allowing a very large number of files to be scanned quickly.

Original language: English
Title of host publication: Proceedings of the ACM Conference on Data and Applications Security and Privacy (CODASPY) 2017
Publisher: Association for Computing Machinery
Number of pages: 8
Publication status: Published - 22 Mar 2017
Event: ACM Conference on Data and Applications Security and Privacy - Scottsdale, Arizona, United States
Duration: 22 Mar 2017 to 24 Mar 2017
Conference number: 7th


Conference: ACM Conference on Data and Applications Security and Privacy
Abbreviated title: CODASPY
Country/Territory: United States
City: Scottsdale, Arizona

