Abstract: The research on malware detection enabled by deep learning has become a hot issue in the field of network security. The existing malware detection methods based on deep learning suffer from some issues, such as weak ability of deep feature extraction, relatively complex model, and insufficient ability of model generalization. Traditional deep learning architectures, such as convolutional neural networks (CNNs) variants, do not consider the spatial hierarchies between features, and lose some information on the …
“…Some approaches have leveraged other DL techniques to improve the classification performance of Android malware detection systems. Zhang et al. [30] proposed a capsule network architecture for Android malware detection that overcomes the limitation of CNNs of requiring pooling layers by removing them and introducing capsule layers. Chimera, presented in [31], uses multimodal DL composed of a DNN, CNN, and TN to learn features from DEX grayscale images, static data such as Android intents & permissions, and dynamic data such as sequences of system calls, respectively.…”
With the popularity of the internet and smartphones, malware on smartphones has increased dramatically. In addition, the ubiquity and openness of the Android operating system have made it a lucrative platform for cybercriminals to develop malware. Traditional malware detection techniques require a lot of time and manual effort to classify malware accurately. Recently, deep learning (DL) based malware detection and classification techniques have been developed to solve this issue. This article proposes a DL-based two-stage framework that detects Android malware and classifies its variants using image-based malware representations of the Android DEX files. The framework uses the EfficientNetB0 convolutional neural network (CNN) to extract relevant features from the malware color images. The extracted features are then passed through a global average pooling layer and fed into a stacking classifier. The stacking classifier employs linear support vector machine (SVM) and random forest (RF) algorithms as base-level classifiers and logistic regression as the meta-level classifier. This method obtained an accuracy of 100% in the binary classification of Android malware images, a 92.9% accuracy in 5-class (Adsware, Adware + Adware, Clicker + Trojan, Spyware, and Benign) classification, and an 88.6% accuracy in 4-class (Adsware, Adware + Adware, Clicker + Trojan, and Spyware) classification. We compared our method with 26 state-of-the-art pretrained CNN models (including the original EfficientNetB0) and large-scale learning classifiers such as EfficientNetB0-SVM and EfficientNetB0-RF. The proposed framework outperformed the compared methods in all performance metrics. Experiments also demonstrate that substituting the softmax layer of CNNs with a large-scale learning classifier or stacking classifier results in an enhanced performance over the original network. All authors contributed equally to this article.
“…There have been studies that have used different DL methods to improve Android malware detection systems' effectiveness. Capsule layers were utilized in place of pooling layers in CNNs, as demonstrated by Zhang et al. [38]'s proposed network architecture. Chimera (Schranko de Oliveira and Sassi [39]) employed multimodal DL, which included a DNN, TN and CNN, to learn features from images transformed from the DEX files, static data like permissions and Android intents, and dynamic data like sequences of system calls [40].…”
Section: Android Malware Detection Based On Deep Learning and Machine...
There are a variety of reasons why smartphones have grown so pervasive in our daily lives. While their benefits are undeniable, Android users must be vigilant against malicious apps. The goal of this study was to develop a broad framework for detecting Android malware using multiple deep learning classifiers; this framework was given the name DroidMDetection. To provide precise, dynamic Android malware detection and clustering of different families of malware, the framework makes use of unique methodologies built on deep learning and natural language processing (NLP) techniques. When compared to other similar works, DroidMDetection (1) uses API calls and intents in addition to the common permissions to accomplish broad malware analysis, (2) uses digests of features generated by a deep auto-encoder to cluster the detected malware samples into malware family groups, and (3) benefits from both feature extraction and feature selection. Numerous reference datasets were used to conduct in-depth analyses of the framework. DroidMDetection’s detection rate was high, and the created clusters were relatively consistent, regardless of the evaluation parameters. DroidMDetection surpasses the state-of-the-art solutions MaMaDroid, DroidMalwareDetector, MalDozer, and DroidAPIMiner across all metrics we used to measure their effectiveness.
“…Color images of Android applications were used to train a ResNet for malware detection. In the layout used by Zhang et al. [19], capsule layers replace pooling layers in CNNs. In Chimera et al. [20], dense, convolutional, and textural neural networks were used to learn Android image patterns, for example, patterns of static permissions and authorizations and patterns of dynamic system calls.…”
Automated malware detection is a prominent issue in the world of network security because of the rising number and complexity of malware threats. It is time-consuming and resource intensive to manually analyze all malware files in an application using traditional malware detection methods. Polymorphism and code obfuscation were created by malware authors to bypass the standard signature-based detection methods used by antivirus vendors. Malware detection using deep learning (DL) approaches has recently been implemented in an effort to address this problem. This study compares the detection of IoT device malware using three current state-of-the-art pretrained CNN models. Large-scale learning performance using GNB, SVM, DT, LR, K-NN, and ensemble classifiers with CNN models is also included in the results. In light of the findings, a pretrained Inception-v3 CNN-based transfer-learned model with a fine-tuning strategy is proposed to identify IoT device malware by utilizing a color image representation of the Android Dalvik Executable File (DEX). Inception-v3 retrieves the malware’s most important features. After that, a global max-pooling layer is applied, and a SoftMax classifier is used to classify the features. Finally, gradient-weighted class activation mapping (Grad-CAM) along with t-distributed stochastic neighbor embedding (t-SNE) is used to understand the overall performance of the proposed method. The proposed method achieved an accuracy of 98.5% and 91%, respectively, in the binary and multiclass prediction of malware images from IoT devices, exceeding the comparison methods in different evaluation parameters.