MalCaps: A Capsule Network Based Model for the Malware Classification

Zhang, Xiaoliang; Wu, Kehe; Chen, Zuge; Zhang, Chenyi

doi:10.3390/pr9060929

Cited by 13 publications

(4 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some approaches have leveraged other DL techniques to improve the classification performance of Android malware detection systems. Zhang et al 30 proposed a capsule network architecture for Android malware detection that overcomes the limitation of CNNs of requiring pooling layers by removing them and introducing capsule layers. Chimera, presented in, 31 uses multimodal DL composed of a DNN, CNN, and TN to learn features from DEX grayscale images, static data such as Android intents & permissions, and dynamic data such as sequences of system calls, respectively.…”

Section: Literature Surveymentioning

confidence: 99%

A two‐stage deep learning framework for image‐based android malware detection and variant classification

Yadav¹,

Menon²,

Ravi

et al. 2022

Computational Intelligence

View full text Add to dashboard Cite

With the popularity of the internet and smartphones, malware on smartphones has increased dramatically. In addition, the ubiquity and openness of the Android operating system have made it a lucrative platform for cybercriminals to develop malware. Traditional malware detection techniques require a lot of time and manual effort to classify malware accurately. Recently, deep learning (DL) based malware detection and classification techniques have been developed to solve this issue. This article proposes a DL-based two-stage framework that detects Android malware and classifies its variants using image-based malware representations of the Android DEX files. The framework uses the EfficientNetB0 convolutional neural network (CNN) to extracts relevant features from the malware color images. The extracted features are then passed through a global average pooling layer and fed into a stacking classifier. The stacking classifier employs linear support vector machine (SVM) and random forest (RF) algorithms as base-level classifiers and logistic regression as the meta-level classifier. This method obtained an accuracy of 100% in the binary classification of Android malware images and a 92.9% accuracy in All authors contributed equally to this article. 5-class (Adsware, Adware + Adware, Clicker + Trojan, Spyware, and Benign) classification, and an 88.6% accuracy in 4-class (Adsware, Adware + Adware, Clicker + Trojan, and Spyware) classification. We compared our method with 26 state-of-the-art pretrained CNN models (including the original Efficient-NetB0) and large-scale learning classifiers such as EfficientNetB0-SVM and EfficientNetB0-RF. The proposed framework outperformed the compared methods in all performance metrics. Experiments also demonstrate that substituting the softmax layer of CNNs with a large-scale learning classifier or stacking classifier results in an enhanced performance over the original network.

show abstract

Section: Literature Surveymentioning

confidence: 99%

A two‐stage deep learning framework for image‐based android malware detection and variant classification

Yadav¹,

Menon²,

Ravi

et al. 2022

Computational Intelligence

View full text Add to dashboard Cite

show abstract

“…There have been studies that have used different DL methods to improve Android malware detection systems' effectiveness. Capsule layers were utilized in place of pooling layers in CNNs, as demonstrated by Zhang et al [38]'s proposed network architecture. Chimera Schranko de Oliveira and Sassi [39] employed multimodal DL, which included a DNN, TN and CNN to learn features from images transformed from the DEX files, static data like permissions, Android intents and dynamic data like sequences of system calls [40].…”

Section: Android Malware Detection Based On Deep Learning and Machine...mentioning

confidence: 99%

A Proposed Artificial Intelligence Model for Android-Malware Detection

Taher,

Al Fandi,

Al Kfairy

et al. 2023

Informatics

View full text Add to dashboard Cite

There are a variety of reasons why smartphones have grown so pervasive in our daily lives. While their benefits are undeniable, Android users must be vigilant against malicious apps. The goal of this study was to develop a broad framework for detecting Android malware using multiple deep learning classifiers; this framework was given the name DroidMDetection. To provide precise, dynamic, Android malware detection and clustering of different families of malware, the framework makes use of unique methodologies built based on deep learning and natural language processing (NLP) techniques. When compared to other similar works, DroidMDetection (1) uses API calls and intents in addition to the common permissions to accomplish broad malware analysis, (2) uses digests of features in which a deep auto-encoder generates to cluster the detected malware samples into malware family groups, and (3) benefits from both methods of feature extraction and selection. Numerous reference datasets were used to conduct in-depth analyses of the framework. DroidMDetection’s detection rate was high, and the created clusters were relatively consistent, no matter the evaluation parameters. DroidMDetection surpasses state-of-the-art solutions MaMaDroid, DroidMalwareDetector, MalDozer, and DroidAPIMiner across all metrics we used to measure their effectiveness.

show abstract

“…Color images of Android application were used to train a ResNET for malware detection. In the layout used by Zhang et al [19], capsule layers replace pooling layers in CNNs. In Chimera et al [20], dense, convolutional, and textural neural networks were used to learn Android image patterns, for example, patterns of static permissions and authorizations and patterns of dynamic system calls.…”

Section: Literature Reviewmentioning

confidence: 99%

Explainable Artificial Intelligence-Based IoT Device Malware Detection Mechanism Using Image Visualization and Fine-Tuned CNN-Based Transfer Learning Model

Naeem

Alshammari

Ullah

2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

Automated malware detection is a prominent issue in the world of network security because of the rising number and complexity of malware threats. It is time-consuming and resource intensive to manually analyze all malware files in an application using traditional malware detection methods. Polymorphism and code obfuscation were created by malware authors to bypass the standard signature-based detection methods used by antivirus vendors. Malware detection using deep learning (DL) approaches has recently been implemented in an effort to address this problem. This study compares the detection of IoT device malware using three current state-of-the-art CNN models that have been pretrained. Large-scale learning performance using GNB, SVM, DT, LR, K-NN, and ensemble classifiers with CNN models is also included in the results. In light of the findings, a pretrained Inception-v3 CNN-based transfer learned model with fine-tuned strategy is proposed to identify IoT device malware by utilizing color image malware display of android Dalvik Executable File (DEX). Inception-v3 retrieves the malware’s most important features. After that, a global max-pooling layer is applied, and a SoftMax classifier is used to classify the features. Finally, gradient-weighted class activation mapping (Grad-CAM) along the t-distributed stochastic neighbor embedding (t-SNE) is used to understand the overall performance of the proposed method. The proposed method achieved an accuracy of 98.5% and 91%, respectively, in the binary and multiclass prediction of malware images from IoT devices, exceeding the comparison methods in different evaluation parameters.

show abstract

MalCaps: A Capsule Network Based Model for the Malware Classification

Cited by 13 publications

References 52 publications

A two‐stage deep learning framework for image‐based android malware detection and variant classification

A two‐stage deep learning framework for image‐based android malware detection and variant classification

A Proposed Artificial Intelligence Model for Android-Malware Detection

Explainable Artificial Intelligence-Based IoT Device Malware Detection Mechanism Using Image Visualization and Fine-Tuned CNN-Based Transfer Learning Model

Contact Info

Product

Resources

About