RGB-based Android Malware Detection and Classification Using Convolutional Neural Network

Darwaish, Asim; Naït‐Abdesselam, Farid

doi:10.1109/globecom42002.2020.9348206

Cited by 12 publications

(10 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These methods converted a domain data into a 2D array in image form to apply the CNN-based network structure for image classification to problems in that same domain. Similar attempts have been made in malware family classification [5]- [7], [11], [33], [34], [36]. They convert a malware sample in string form into a 2D array form and apply 2D convolution filters to it.…”

Section: A 1-dimensional Convolution Filters For Malware Family Classificationmentioning

confidence: 95%

“…Darwaish and Naït-Abdesselam [34] converted several elements inside an APK file into an RGB image, and they fixed the image using the nearest neighbour interpolation. They extracted permissions, intents, activities and services from the manifest, then mapped the extracted information to the green channel.…”

Section: Background and Related Work A Structure Of Apk Filesmentioning

confidence: 99%

“…Since the proposed method uses high-dimensional data as it does not involve the resizing process, we set the batch size to 2 so that the computational burden is not too large. In 2D convolution filter-based methods [5]- [7], [11], [33], [34], [36] for performance comparison with the proposed method, we set the batch size to 32 because they reduce the size of the data sample in the process of converting input data into 2D array form. For learning stability, Radam [56] was used as the optimizer, and categorical cross entropy [57] was used as the loss function.…”

Section: A Dataset and Implementation Detailsmentioning

confidence: 99%

See 2 more Smart Citations

Efficient Deep Learning Network With Multi-Streams for Android Malware Family Classification

et al. 2022

View full text Add to dashboard Cite

It is important to effectively detect, mitigate, and defend against Android malware attacks, because Android malware has long represented a major threat to Android app security. Characterizing and classifying similar malicious apps into groups plays a particularly crucial role in building a secure Android app ecosystem. The classification of malware families can efficiently enhance the malware detection process and systematically elucidate malware patterns. In this paper, we propose a novel efficient deep learning network with multi-streams for Android malware family classification. We first obtain the input data for a convolutional neural network (CNN) in string format from some main files or sections contained in each Android malicious app. We then classify malware families by applying a 1-dimensional convolution filter-based network for the files or sections. Further, by using gradient analysis to visualize the important files and sections in malicious apps, we attempt to intuitively grasp which files or sections are the most significant for malware family classification. To validate the effectiveness of our approach, we conduct extensive experiments with the well-known DREBIN and AMD malware datasets, and we compare our approach with existing methods. Our experimental results show that the 1D CNN model is more accurate than the 2D CNN model, and that the code_item part in the classes.dex is the most relevant feature for malware classification, as it is more relevant than other parts such as AndroidManifest.xml and certificate. The proposed method achieves the best accuracy of 93.2% by using 1D convolution filters with multistreams for the main files and sections of the malware samples.

show abstract

Section: A 1-dimensional Convolution Filters For Malware Family Classificationmentioning

confidence: 95%

Section: Background and Related Work A Structure Of Apk Filesmentioning

confidence: 99%

Section: A Dataset and Implementation Detailsmentioning

confidence: 99%

See 1 more Smart Citation

Efficient Deep Learning Network With Multi-Streams for Android Malware Family Classification

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Darwaish and Naït-Abdesselam extracted permissions, activities, intents, services, providers, and receiver properties from the AndroidManifest.xml file using the .apk file Androguard [52] tool, as well as API calls, unique opcode sequences, and protected string properties [53]. Each character of all extracted application properties was converted into pixel values using ASCII code and filtering was performed with the help of a predefined dictionary [53].…”

Section: Related Studiesmentioning

confidence: 99%

Visualising Static Features and Classifying Android Malware Using a Convolutional Neural Network Approach

Kiraz,

Doğru

2024

Applied Sciences

View full text Add to dashboard Cite

Android phones are widely recognised as the most popular mobile phone operating system. Additionally, tasks like browsing the internet, taking pictures, making calls, and sending messages may be completed with ease in daily life because of the functionality that Android phones offer. The number of situations in which users are harmed by unauthorised access to data emerging from these processes is growing daily. Because the Android operating system is open source and generated applications are not thoroughly reviewed before being released onto the market, this scenario has been the primary focus of hackers. Therefore, technologies to distinguish between malware and benign Android applications are required. CNN-based techniques are proven to produce important and successful outcomes when applied to Android malware detection on images. The CICMalDroid 2020 dataset, which is currently utilised in the literature, was used for this purpose. The features of the apps in the dataset were obtained using the AndroPyTool tool, and faster analysis files of 17,089 Android applications were obtained using the parallel execution technique. Permissions, intents, receivers, and services were used as static analysis features in this article. After these features were obtained, as data preprocessing, the ones with a grand total equal to 1 for each feature in the whole dataset were excluded in order to exclude the features that were specially created by the applications themselves. For each of the features specified for each application, a comma-separated text was obtained according to the usage status of the application. The BERT method was used to digitise the pertinent texts in order to create a unique embedding vector for every feature. Following the digitisation of the vectors, picture files were produced based on the length of each feature. To create a single image file, these image files were combined side by side. Finally, these image files were classified with CNNs. Experimental results were obtained by applying CNNs to the dataset used in the study. As a result of the experiments, a CNN with two outputs provided the highest performance with an accuracy of 91%, an F1-score of 89%, a Recall of 90%, and a Precision of 91%.

show abstract

“…In [29], the authors created an adjacency matrix of Android APK and converted it into an image as an input to the CNN model. Darwaish et al developed an intelligent mapping algorithm of APK files to RGB images [31]. Their proposed system mapped the Manifest file to the green channel.…”

Section: Vision Ml-based Analysismentioning

confidence: 99%

An Automated Vision-Based Deep Learning Model for Efficient Detection of Android Malware Attacks

2022

View full text Add to dashboard Cite

Recently, cybersecurity experts and researchers have given special attention to developing cost-effective deep learning (DL)-based algorithms for Android malware detection (AMD) systems. However, the conventional AMD solutions necessitate extensive computations to achieve high accuracy in detecting Android malware apps. Consequently, there is a significant benefit in utilizing convolution neural networks (CNNs) in vision-based AMD applications to quickly and efficiently learn without prior stages of reverse engineering processes. Thus, this paper introduces an efficient and automated vision-based AMD model composed of 16 well-developed and fine-tuned CNN algorithms. This model precludes the need for a pre-designated features extraction process while generating accurate predictions of malware images with minimum cost and high detection speed. Such performance is achieved with colored or grayscale malware images, whether by using balanced or imbalanced datasets. Firstly, the bytecodes of the "classes.dex" files extracted from the Android benign and malware apps were converted to color and grayscale visual images before forwarding them to the developed CNN algorithms for classification. Then, the detection efficiency of the proposed AMD model was examined and evaluated using the imbalanced benchmark Leopard Android dataset that composes 14733 samples of malware apps and 2486 samples of benign apps. Finally, different experimental scenarios were conducted using balanced and imbalanced Android samples of color and grayscale images generated from the Leopard dataset; to extensively and sufficiently validate the detection and classification performance of the suggested model. A comprehensive assessment classification parameters in the evaluation experiments were applied to prove the high capability of the developed finetuned CNN algorithms in recognizing Android malware attacks with low computational overhead. As a result, the detection accuracy reached 99.40% for balanced samples and 98.05% for imbalanced samples. Furthermore, the proposed AMD model outperforms the existing approaches that utilize conventional vision-based algorithms and tested on the same benchmark Android dataset.

show abstract

RGB-based Android Malware Detection and Classification Using Convolutional Neural Network

Cited by 12 publications

References 16 publications

Efficient Deep Learning Network With Multi-Streams for Android Malware Family Classification

Efficient Deep Learning Network With Multi-Streams for Android Malware Family Classification

Visualising Static Features and Classifying Android Malware Using a Convolutional Neural Network Approach

An Automated Vision-Based Deep Learning Model for Efficient Detection of Android Malware Attacks

Contact Info

Product

Resources

About