research-article

A hybrid approach for Android malware detection using improved multi-scale convolutional neural networks and residual networks

Authors: Xingbing Fu, Chaofan Jiang, Chaorong Li, Jiangtao Li, Xiatian Zhu, Fagen LiAuthors Info & Claims

Volume 249, Issue PB

https://doi.org/10.1016/j.eswa.2024.123675

Published: 17 July 2024 Publication History

Abstract

The open-source nature of Android, along with its coarse-grained permission management and widespread use, has heightened its vulnerability to malware threats. However, many traditional approaches face limitations in extracting comprehensive features, which hinders accurate and efficient Android malware detection. In this paper, we propose an effective hybrid approach combining an improved multi-scale convolutional neural network (MSCNN) with residual networks (ResNet) to defend against Android malware. The approach comprises an enhanced feature extraction network and a detection network. Initially, we introduce MSCNN, a novel deep learning model for comprehensive feature extraction. The MSCNN extends into three branches at distinct levels, concatenating features from low to high dimensions. This multilevel structure preserves rich semantic features while avoiding complex feature selection and analysis. Further, ResNet is employed as the detection network, and the hybrid models’ performance is evaluated by comparison with a single ResNet. Finally, we validate the effectiveness of our approach by comparing our experimental results with state-of-the-arts. The experimental results show our approach effectively detects Android malware with high accuracy (99.20%) and precision (99.49%), and utilizing MSCNN as a multilevel feature extraction network significantly enhances the performance of the hybrid models, particularly, the F1-Score of MSCNN+ResNet18 increases by 4.8%.

Highlights

•

Propose an improved MSCNN model extracting features from various data levels.

•

Design hybrid models combining MSCNN with GRU, ResNet18, ResNet34 and ResNet50.

•

MSCNN acts as upper feature extraction layer.

•

GRU, ResNet18, ResNet34 and ResNet50 as detection network, respectively.

•

Our approach detects Android malware, and enhances the hybrid model performance.

References

[1]

Afonso V.M., de Amorim M.F., Grégio A.R.A., Junquera G.B., de Geus P.L., Identifying Android malware using dynamically obtained features, Journal of Computer Virology and Hacking Techniques 11 (2015) 9–17,.

[2]

Alhawi O.M.K., Baldwin J., Dehghantanha A., Leveraging machine learning techniques for windows ransomware network traffic detection, in: Cyber threat intelligence, Springer, 2018, pp. 93–106,.

[3]

An P., Wang Z., Zhang C., Ensemble unsupervised autoencoders and Gaussian mixture model for cyberattack detection, Information Processing & Management 59 (2) (2022),.

Digital Library

[4]

Arora A., Peddoju S.K., Conti M., PermPair: Android malware detection using permission pairs, IEEE Transactions on Information Forensics and Security 15 (2020) 1968–1982,.

[5]

Arshad S., Shah M.A., Wahid A., Mehmood A., Song H., Yu H., SAMADroid: A novel 3-level hybrid malware detection model for Android operating system, IEEE Access 6 (2018) 4321–4339,.

[6]

Cai Z., Fan Q., Feris R.S., Vasconcelos N., A unified multi-scale deep convolutional neural network for fast object detection, in: Computer Vision–ECCV 2016: 14th european conference, amsterdam, the netherlands, october 11–14, 2016, proceedings, part IV 14, Springer, 2016, pp. 354–370,.

[7]

Fan Y., Ye Y., Chen L., Malicious sequential pattern mining for automatic malware detection, Expert Systems with Applications 52 (2016) 16–25,.

Digital Library

[8]

Fatima A., Maurya R., Dutta M.K., Burget R., Masek J., Android malware detection using genetic algorithm based optimized feature selection and machine learning, in: 2019 42nd international conference on telecommunications and signal processing, IEEE, 2019, pp. 220–223,.

[9]

Feizollah A., Anuar N.B., Salleh R., Suarez-Tangil G., Furnell S., Androdialysis: Analysis of Android intent effectiveness in malware detection, Computers & Security 65 (2017) 121–134,.

Digital Library

[10]

Firdausi I., Lim C., Erwin A., Nugroho A.S., Analysis of machine learning techniques used in behavior-based malware detection, in: 2010 second international conference on advances in computing, control, and telecommunication technologies, IEEE, 2010, pp. 201–203,.

Digital Library

[11]

Griffin K., Schneider S., Hu X., Chiueh T.C., Automatic generation of string signatures for malware detection, in: Recent advances in intrusion detection: 12th international symposium, RAID 2009, saint-malo, france, september 23-25, 2009. proceedings 12, Springer, 2009, pp. 101–120,.

Digital Library

[12]

Han W., Xue J., Wang Y., Zhang F., Gao X., APTMalInsight: Identify and cognize APT malware based on system call information and ontology knowledge framework, Information Sciences 546 (2021) 633–664,.

[13]

He K., Zhang X., Ren S., Sun J., Deep residual learning for image recognition, in: Proceedings of the IEEE conference on computer vision and pattern recognition, 2016, pp. 770–778,.

[14]

Ijaz M., Durad M.H., Ismail M., Static and dynamic malware analysis using machine learning, in: 2019 16th international bhurban conference on applied sciences and technology, IEEE, 2019, pp. 687–691,.

[15]

Isohara T., Takemori K., Kubota A., Kernel-based behavior analysis for Android malware detection, in: 2011 seventh international conference on computational intelligence and security, IEEE, 2011, pp. 1011–1015,.

Digital Library

[16]

Javaid A., Niyaz Q., Sun W., Alam M., A deep learning approach for network intrusion detection system, in: Proceedings of the 9th EAI international conference on bio-inspired information and communications technologies, ICST, 2016, pp. 21–26,.

Digital Library

[17]

Khariwal K., Singh J., Arora A., IPDroid: Android malware detection using intents and permissions, in: 2020 fourth world conference on smart trends in systems, security and sustainability, IEEE, 2020, pp. 197–202,.

[18]

Kouliaridis V., Potha N., Kambourakis G., Improving android malware detection through dimensionality reduction techniques, in: Machine learning for networking: third international conference, MLN 2020, Paris, France, november 24–26, 2020, revised selected papers 3, Springer, 2021, pp. 57–72,.

Digital Library

[19]

Lashkari A.H., Kadir A.F.A., Taheri L., Ghorbani A.A., Toward developing a systematic approach to generate benchmark android malware datasets and classification, in: 2018 international carnahan conference on security technology, IEEE, 2018, pp. 1–7,.

[20]

Li W., Ge J., Dai G., Detecting malware for Android platform: An SVM-based approach, in: 2015 IEEE 2nd international conference on cyber security and cloud computing, IEEE, 2015, pp. 464–469,.

Digital Library

[21]

Li J., Sun L., Yan Q., Li Z., Srisa-an W., Ye H., Significant permission identification for machine-learning-based android malware detection, IEEE Transactions on Industrial Informatics 59 (2) (2018),.

[22]

Liu C., Wechsler H., A shape-and texture-based enhanced fisher classifier for face recognition, IEEE Transactions on Image Processing 59 (2) (2001),.

[23]

Mahdavifar, S., Abdul Kadir, A. F., Fatemi, R., Alhadidi, D., & Ghorbani, A. A. (2020). Dynamic Android Malware Category Classification using Semi-Supervised Deep Learning. In 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech) 515–522 CICMalDroid 2020 dataset, vl.

[24]

Mahindru A., Sangal A., HybriDroid: An empirical analysis on effective malware detection model developed using ensemble methods, The Journal of Supercomputing 77 (2021) 8209–8251,.

Digital Library

[25]

Mahindru A., Sangal A., MLDroid–framework for Android malware detection using machine learning techniques, Neural Computing and Applications 59 (2) (2021),.

Digital Library

[26]

Milosevic N., Dehghantanha A., Choo K.K.R., Machine learning aided Android malware classification, Computers & Electrical Engineering 61 (2017) 266–274,.

[27]

Narayanan B.N., Djaneye-Boundjou O., Kebede T.M., Performance analysis of machine learning and pattern recognition algorithms for malware classification, in: 2016 IEEE national aerospace and electronics conference (NAECON) and ohio innovation summit, IEEE, 2016, pp. 338–342,.

[28]

Petrosyan A., Distribution of mobile malware worldwide 2022, by type, 2023, Retrieved from https://www.statista.com/statistics/653688/distribution-of-mobile-malware-type/. (Accessed 23 Dec 2023).

[29]

Raff E., Barker J., Sylvester J., Brandon R., Catanzaro B., Nicholas C., Malware detection by eating a whole exe, 2017, arXiv preprint arXiv:1710.09435.

[30]

Raff E., Zak R., Cox R., Sylvester J., Yacci P., Ward R., et al., An investigation of byte n-gram features for malware classification, Journal of Computer Virology and Hacking Techniques 14 (2018) 1–20,.

[31]

Sangal A., Verma H.K., A static feature selection-based android malware detection using machine learning techniques, in: 2020 international conference on smart electronics and communication, IEEE, 2020, pp. 48–51,.

[32]

Shalaginov A., Banin S., Dehghantanha A., Franke K., Machine learning aided static malware analysis: A survey and tutorial, Cyber Threat Intelligence (2018) 7–45,.

[33]

Slotta D., Number of new mobile malware variants observed on android platform by 360 security software monthly in China in 1st quarter 2022, 2023, Retrieved from https://www.statista.com/statistics/1017376/china-newly-detected-mobile-malware-on-android-platform/. (Accessed 23 Dec 2023).

[34]

Tabish S.M., Shafiq M.Z., Farooq M., Malware detection using statistical analysis of byte-level file content, in: Proceedings of the ACM SIGKDD workshop on cybersecurity and intelligence informatics, 2009, pp. 23–31,.

Digital Library

[35]

Taylor P., Forecast number of mobile users worldwide from 2020 to 2025, 2023, Retrieved from https://www.statista.com/statistics/218984/number-of-global-mobile-users-since-2010/. (Accessed 23 Dec 2023).

[36]

Tian K., Yao D., Ryder B.G., Tan G., Peng G., Detection of repackaged android malware with code-heterogeneity features, IEEE Transactions on Dependable and Secure Computing 59 (2) (2020),.

[37]

Ullah F., Alsirhani A., Alshahrani M.M., Alomari A., Naeem H., Shah S.A., Explainable malware detection system using transformers-based transfer learning and multi-model visual representation, Sensors 59 (2) (2022),.

[38]

Vasan D., Alazab M., Wassan S., Safaei B., Zheng Q., Image-based malware classification using ensemble of CNN architectures, IMCEC Computers & Security 92 (2020),.

[39]

Venkatraman S., Alazab M., Vinayakumar R., A hybrid deep learning image-based analysis for effective malware detection, Journal of Information Security and Applications 47 (2019) 377–389,.

Digital Library

[40]

Wang S., Chen Z., Yan Q., Ji K., Peng L., Yang B., et al., Deep and broad URL feature mining for android malware detection, Information Sciences 513 (2020) 600–613,.

Digital Library

[41]

Wang C., Xiao Z., Wu J., Functional connectivity-based classification of autism and control using SVM-RFECV on rs-fMRI data, Physica Medica 65 (2019) 99–105,.

[42]

Yakura H., Shinozaki S., Nishimura R., Oyama Y., Sakuma J., Neural malware analysis with attention mechanism, Computers & Security 87 (2019),.

Digital Library

[43]

Yumlembam R., Issac B., Jacob S.M., Yang L., IoT-based android malware detection using graph neural network with adversarial defense, IEEE Internet of Things Journal 59 (2) (2023),.

[44]

Zhang W., Luktarhan N., Ding C., Lu B., Android malware detection using tcn with bytecode image, Symmetry 59 (2) (2021),.

[45]

Zhang Z., Qi P., Wang W., Dynamic malware analysis with feature engineering and feature learning, Proceedings of the AAAI conference on artificial intelligence, 34, 2020, pp. 1210–1217,.

[46]

Zhang X., Zhang Y., Zhong M., Ding D., Cao Y., Zhang Y.B.L., et al., Enhancing state-of-the-art classifiers with api semantics to detect evolved android malware, in: Proceedings of the 2020 ACM SIGSAC conference on computer and communications security, 2020, pp. 757–770,.

Digital Library

[47]

Zheng M., Sun M., Lui J.C., Droid analytics: A signature based analytic system to collect, extract, analyze and associate Android malware, in: 2013 12th IEEE international conference on trust, security and privacy in computing and communications, IEEE, 2013, pp. 163–171,.

Digital Library

[48]

Zhu Z., Dumitraş T., Featuresmith: automatically engineering features for malware detection by mining the security literature, in: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, 2016, pp. 767–778,.

Digital Library

[49]

Zhu H., Wang L., Zhong S., Li Y., Sheng V.S., A hybrid deep network framework for Android malware detection, IEEE Transactions on Knowledge and Data Engineering 59 (2) (2022),.

Recommendations

EfficientNet convolutional neural networks-based Android malware detection
Abstract
Owing to the increasing number and complexity of malware threats, research on automated malware detection has become a hot topic in the field of network security. Traditional malware detection techniques require a lot of human ...
Android malware obfuscation variants detection method based on multi-granularity opcode features
Abstract
Android malware poses a serious security threat to ordinary mobile users. However, the obfuscation technology can generate malware variants, which can bypass existing detection methods and significantly reduce detection accuracy. ...
Highlights
- Anti-obfuscation features selection based on multi-granularity opcode features.
Android Malware Detection Based on Convolutional Neural Networks
CSAE '19: Proceedings of the 3rd International Conference on Computer Science and Application Engineering

Due to the open source and fragmentation of the Android system, its security is increasingly challenged. Currently, Android malware detection has certain deficiencies in large-scale and automation detection. In this paper, we proposed an Android malware ...

Comments

Information & Contributors

Information

Published In

cover image Expert Systems with Applications: An International Journal

Expert Systems with Applications: An International Journal Volume 249, Issue PB

Sep 2024

1582 pages

ISSN:0957-4174

Issue’s Table of Contents

Elsevier Ltd.

Publisher

Pergamon Press, Inc.

United States

Publication History

Published: 17 July 2024

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to

Other Metrics

View Author Metrics

Citations

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents