Multi-view deep learning for zero-day Android malware detection
Journal of Information Security and Applications (IF 3.8), Pub Date: 2021-01-13, DOI: 10.1016/j.jisa.2020.102718
Stuart Millar, Niall McLaughlin, Jesus Martinez del Rincon, Paul Miller

Zero-day malware samples pose a considerable danger to users as implicitly there are no documented defences for previously unseen, newly encountered behaviour. Malware detection therefore relies on past knowledge to attempt to deal with zero-days. Often such insight is provided by a human expert hand-crafting and pre-categorising certain features as malicious. However, tightly coupled feature-engineering based on previous domain knowledge risks not being effective when faced with a new threat. In this work we decouple this human expertise, instead encapsulating knowledge inside a deep learning neural net with no prior understanding of malicious characteristics. Raw input features consist of low-level opcodes, app permissions and proprietary Android API package usage. Our method makes three main contributions. Firstly, a novel multi-view deep learning Android malware detector with no specialist malware domain insight used to select, rank or hand-craft input features. Secondly, a comprehensive zero-day scenario evaluation using the Drebin and AMD benchmarks, with our model achieving weighted average detection rates of 91% and 81% respectively, an improvement of up to 57% over the state-of-the-art. Thirdly, a 77% reduction in false positives on average compared to the state-of-the-art, with excellent F1 scores of 0.9928 and 0.9963 for the general detection task again on the Drebin and AMD benchmark datasets respectively.
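The abstract describes three design points without showing them: one raw-token view per feature source (opcodes, permissions, API packages) with no hand-ranking of tokens, an evaluation in which the malware seen at test time belongs to families absent from training, and the metrics reported (F1 and a weighted average detection rate). The block below is an added illustration, not the paper's code or data. It assumes a family-holdout split as the zero-day protocol, "weighted" to mean weighted by family size, and substitutes a per-view nearest-centroid classifier with late fusion for the deep network; the sample apps and family names are constructed placeholders.

```python
"""Added illustration (not the paper's code): multi-view raw-token encoding,
a family-holdout split standing in for the zero-day scenario, and the F1 and
size-weighted detection-rate metrics. All vocabularies come straight from the
training apps; no token is ranked, selected or labelled malicious by hand."""
from collections import Counter
from math import sqrt

VIEWS = ("opcodes", "permissions", "api_packages")


def _app(family, label, opcodes, permissions, api_packages):
    return {"family": family, "label": label, "opcodes": opcodes,
            "permissions": permissions, "api_packages": api_packages}


# Constructed sample apps; FamilyA/B/C are placeholders, not real malware families.
SAMPLE_APPS = [
    _app("benign", 0, ["invoke-virtual", "move-result", "return-void"], ["INTERNET"], ["android.widget", "android.view"]),
    _app("benign", 0, ["invoke-virtual", "const-string", "return-void"], ["INTERNET", "ACCESS_NETWORK_STATE"], ["android.widget", "android.content"]),
    _app("benign", 0, ["invoke-static", "move-result", "return-void"], ["VIBRATE"], ["android.view", "android.graphics"]),
    _app("benign", 0, ["invoke-virtual", "return-void"], ["INTERNET"], ["android.widget"]),
    _app("FamilyA", 1, ["invoke-virtual", "const-string", "invoke-static"], ["SEND_SMS", "READ_PHONE_STATE", "INTERNET"], ["android.telephony", "android.content"]),
    _app("FamilyA", 1, ["const-string", "invoke-static", "move-result"], ["SEND_SMS", "RECEIVE_SMS"], ["android.telephony"]),
    _app("FamilyB", 1, ["invoke-static", "const-string", "new-instance"], ["READ_PHONE_STATE", "INTERNET", "RECEIVE_BOOT_COMPLETED"], ["android.telephony", "dalvik.system", "android.content"]),
    _app("FamilyB", 1, ["new-instance", "invoke-static", "const-string"], ["RECEIVE_BOOT_COMPLETED", "READ_PHONE_STATE"], ["dalvik.system", "android.telephony"]),
    _app("FamilyC", 1, ["invoke-static", "const-string", "new-instance", "move-result"], ["READ_PHONE_STATE", "INTERNET", "ACCESS_NETWORK_STATE"], ["dalvik.system", "android.telephony", "android.content"]),
]


def build_vocabularies(train_apps):
    """One vocabulary per view, every training token kept (no selection step)."""
    return {v: sorted({tok for app in train_apps for tok in app[v]}) for v in VIEWS}


def encode(app, vocabs):
    """Raw count vector per view. Tokens unseen in training are silently dropped,
    which is precisely the information a zero-day sample may carry."""
    out = {}
    for v in VIEWS:
        counts = Counter(app[v])
        out[v] = [counts[tok] for tok in vocabs[v]]
    return out


def cosine(a, b):
    na, nb = sqrt(sum(x * x for x in a)), sqrt(sum(x * x for x in b))
    return 0.0 if na == 0 or nb == 0 else sum(x * y for x, y in zip(a, b)) / (na * nb)


def train_centroids(train_apps, vocabs):
    """Stand-in for the deep net (assumption): a per-view, per-class mean vector."""
    centroids = {}
    for label in (0, 1):
        encoded = [encode(app, vocabs) for app in train_apps if app["label"] == label]
        centroids[label] = {v: [sum(e[v][i] for e in encoded) / len(encoded)
                                for i in range(len(vocabs[v]))] for v in VIEWS}
    return centroids


def predict(app, vocabs, centroids):
    """Late fusion: average the per-view similarities, then compare the classes."""
    enc = encode(app, vocabs)
    fused = {label: sum(cosine(enc[v], centroids[label][v]) for v in VIEWS) / len(VIEWS)
             for label in (0, 1)}
    return 1 if fused[1] > fused[0] else 0


def zero_day_split(apps, holdout_families):
    """Assumed protocol: every sample of a held-out family goes to the test set,
    so the model never sees that family; benign apps alternate train/test."""
    train, test, benign_seen = [], [], 0
    for app in apps:
        if app["label"] == 0:
            (test if benign_seen % 2 else train).append(app)
            benign_seen += 1
        else:
            (test if app["family"] in holdout_families else train).append(app)
    return train, test


def f1_score(y_true, y_pred):
    tp = sum(t == 1 and p == 1 for t, p in zip(y_true, y_pred))
    fp = sum(t == 0 and p == 1 for t, p in zip(y_true, y_pred))
    fn = sum(t == 1 and p == 0 for t, p in zip(y_true, y_pred))
    return 0.0 if tp == 0 else 2 * tp / (2 * tp + fp + fn)


def weighted_average_detection_rate(per_family):
    """per_family maps family -> (detected, total): per-family detection rates
    averaged with family size as the weight (assumed reading of 'weighted')."""
    detected = sum(d for d, _ in per_family.values())
    total = sum(t for _, t in per_family.values())
    return 0.0 if total == 0 else detected / total


def evaluate_zero_day(apps, holdout_families):
    train, test = zero_day_split(apps, holdout_families)
    vocabs = build_vocabularies(train)          # built from training apps only
    centroids = train_centroids(train, vocabs)
    y_true = [app["label"] for app in test]
    y_pred = [predict(app, vocabs, centroids) for app in test]
    per_family = {}
    for app, p in zip(test, y_pred):
        if app["label"] == 1:
            d, t = per_family.get(app["family"], (0, 0))
            per_family[app["family"]] = (d + p, t + 1)
    return {"f1": f1_score(y_true, y_pred),
            "weighted_detection_rate": weighted_average_detection_rate(per_family),
            "per_family": per_family, "test_size": len(test)}


if __name__ == "__main__":
    print(evaluate_zero_day(SAMPLE_APPS, {"FamilyC"}))
```

Holding out FamilyC leaves its `ACCESS_NETWORK_STATE` permission outside the training vocabulary, so `encode` drops it; on this toy data the other two views still carry the sample, which is the multi-view argument in miniature. With a real detector the per-family rates in `per_family` are the numbers to watch, since a high overall F1 can hide a family that is missed entirely.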




Updated: 2021-01-13