Android malware detection using LSTM
To install all required packages, run:
pip install -r requirements.txt
You will also need to download the data set from here: https://heriotwatt-my.sharepoint.com/:u:/g/personal/bl2004_hw_ac_uk/EXbry3qVnPBCvPJxYTYL5rwBPJF5O-KLRNp8Zp7kv9R5sQ
This part is divided into two steps: decompilation and feature extraction. During decompilation, the program decompiles all the given APKs. During feature extraction, the program examines the decompiled code to extract features.
Open the file /FeatureExtraction/featureExtraction and change the value of DIR_PATH to the absolute path of the directory. If you are using Windows, change IS_WINDOWS to True.
You will also need to download the data base from here:
To run the feature extraction you can run the following command:
python FeatureExtraction.py ./DataBase ./dest ./feature
This will decompile everything in ./DataBase into the ./dest directory, and all the features will be saved in the ./feature directory.
Once you have decompiled the APKs, you can change the value of DECOMPILE_APK to False to skip the decompilation.
To run the classification on a feature set, you can run the following command:
python Classifier.py ./feature/train_ANDROID_1629097675.8447692 ./feature/test_ANDROID_1629097675.8447692 ./DataBase/train ./DataBase/test
The first parameter must be the path to your training feature set directory.
The second parameter must be the path to your test feature set directory.
The third parameter must be the path to your database train directory.
The fourth parameter must be the path to your database test directory.