R2-D2: ColoR-inspired Convolutional NeuRal Network (CNN)-based AndroiD Malware Detections

  • 2017-12-05 09:08:15
  • TonTon Hsien-De Huang, Hung-Yu Kao

Abstract

Machine learning (ML) has proven particularly useful in malware detection. However, as malware evolves very fast, the stability of the features extracted from malware is a critical issue in malware detection. The recent success of deep learning in image recognition, natural language processing, and machine translation indicates a potential solution for stabilizing malware detection effectiveness. We present a coloR-inspired convolutional neuRal network-based AndroiD malware Detection (R2-D2), which can detect malware without extracting pre-selected features (e.g., the control flow of opcodes, classes, methods of functions, and the timing with which they are invoked) from Android apps. In particular, we develop a color representation for translating Android apps into RGB color code and transform them into a fixed-sized encoded image. The encoded image is then fed to a convolutional neural network for automatic feature extraction and learning, reducing the need for expert intervention. We have collected over 1 million malware samples and 1 million benign samples according to the data provided by Leopard Mobile Inc. from its core product Security Master (which has 623 million monthly active users and 10k new malware samples per day). It is shown that R2-D2 can effectively detect the malware. Furthermore, we maintain our research results and release experiment material at http://R2D2.TWMAN.ORG, where any updates are posted.

 
