The sound of malware: an audio fingerprinting malware detection method

The sound of malware: an audio fingerprinting malware detection method

연구 분야: Safety

학회: International Journal of Information Security

The increasing complexity of Android malware has increased the need for efficient detection methods. Researchers have introduced new frameworks for analyzing Android malware in response to the growing threat of malicious applications. Traditional static analysis methods, which are widely used, are susceptible to obfuscation and can be bypassed easily. However, although dynamic analysis is more resilient, it is computationally intensive and costly to implement. In this paper, we introduce MalWave, a novel approach that uses audio signal processing to detect Android malware by converting Dalvik Executable (DEX) file sequences into audio signals. The extracted audio fingerprints are used as features for classification, addressing (i) malware detection, (ii) family classification, and (iii) packed malware detection. Evaluated on the AMD and AndroZoo datasets, MalWave achieves an F1+ score of 82.6% for malware detection and 68.7% for family classification, particularly in mostly represented categories. Despite challenges in detecting packed malware, MalWave demonstrates high computational efficiency, with feature extraction taking just 0.3 seconds on average per sample, making it a suitable tool for real-time detection in resource-constrained environments.