Android Malware Detection Using Deep Learning Approach
Keywords:
Android security, malware detection, machine learning, deep learning, static analysis, dynamic analysis, feature extraction, mobile security, classification algorithmsAbstract
This paper presents a novel framework for detecting malware in Android applications using advanced machine learning techniques. Our approach combines static and dynamic analysis with deep learning algorithms to identify malicious patterns in Android applications. We propose a hybrid feature extraction method that captures both code- based and behavioral attributes, followed by a multi-layer classification model that achieves high detection accuracy. Experiments conducted on a comprehensive dataset of benign and malicious applications demonstrate the effectiveness of our approach, achieving 97.8% accuracy, 96.5% precision, and 98.2% recall. The proposed framework outperforms traditional signature-based methods and several existing machine learning approaches, showing promise for real-time malware detection in resource-constrained mobile environments
Downloads
References
A. Desnos, "Andro guard: Reverse engineering, malware and good ware analysis of Android applications," in Proc. BlackHat Technical Security Conference, 2013,pp. 37-45.
X. Wei et al., "APKInspector: A comprehensive static analysis tool for Android applications," in Proc. 25th USENIX Security Symposium, 2016, pp. 141-156.
V. Rastogi, Y. Chen, and X. Jiang, "DroidChameleon: Evaluating Android anti-malware against transformation attacks," in Proc. 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, 2013, pp. 329-340.
D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, and
K. Rieck, "DREBIN: Effective and explainable detection of Android malware in your pocket," in Proc. Network and Distributed System Security Symposium (NDSS), 2014,pp. 23-26.
K. Chen, P. Wang, Y. Lee, X. Wang, N. Zhang, H. Huang, W. Zou, and P. Liu, "Finding unknown malice in 10 seconds: Mass vetting for new threats at the Google- Play scale," in Proc. 24th USENIX Security Symposium, 2015, pp. 659-674.
M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang, "RiskRanker: Scalable and accurate zero-day Android malware detection," in Proc. 10th International Conference on Mobile Systems, Applications, and Services, 2012, pp. 281-294.
W. Enck, P. Gilbert, S. Han, V. Tendulkar, B. Chun,
L. Cox, J. Jung, P. McDaniel, and A. Sheth, "TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones," ACM Transactions on Computer Systems, vol. 32, no. 2, pp. 1-29, 2014.
I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani, "Crowdroid: Behavior-based malware detection system for Android," in Proc. 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, 2011, pp. 15-26.
L. K. Yan and H. Yin, "DroidScope: Seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis," in Proc. 21st USENIX Security Symposium, 2012, pp. 569-584.
F. A. Narudin, A. Feizollah, N. B. Anuar, and A. Gani, "Evaluation of machine learning classifiers for mobile malware detection," Soft Computing, vol. 20, no. 1, pp. 343-357, 2016.
Z. Yuan, Y. Lu, Z. Wang, and Y. Xue, "Droid-Sec: Deep learning in Android malware detection," in Proc. ACM SIGCOMM Computer Communication Review, vol. 44, no. 4, 2014, pp. 371-372.
E. B. Karbab, M. Debbabi, A. Derhab, and D. Mouheb, "MalDozer: Automatic framework for Android malware detection using deep learning," Digital Investigation, vol. 24, pp. S48-S59, 2018.
D. J. Wu, C. H. Mao, T. E. Wei, H. M. Lee, and K. P.
Wu, "DroidMat: Android malware detection through manifest and API calls tracing," in Proc. 7th Asia Joint Conference on Information Security, 2012, pp. 62-69.
S. Y. Yerima and S. Sezer, "DroidFusion: A novel multilevel classifier fusion approach for Android malware detection," IEEE Transactions on Cybernetics, vol. 49, no. 2, pp. 453-466, 2019.
E. Mariconti, L. Onwuzurike, P. Andriotis, E. De Cristofaro, G. Ross, and G. Stringhini, "MaMaDroid: Detecting Android malware by building Markov chains of behavioral models," in Proc. Network and Distributed System Security Symposium (NDSS), 2017, pp. 1-15.
N. McLaughlin, J. Martinez del Rincon, B. Kang, S. Yerima, P. Miller, S. Sezer, Y. Safaei, E. Trickel, Z. Zhao,
A. Doupé, and G. Joon Ahn, "Deep Android malware
detection," in Proc. 7th ACM Conference on Data and Application Security and Privacy, 2017, pp. 301-308.S. Chen, M. Xue, L. Fan, S. Hao, L. Xu, H. Zhu, and
B. Li, "Automated poisoning attacks and defenses in malware detection systems: An adversarial machine learning approach," Computers & Security, vol. 73, pp. 326-344, 2018.
Y. Li, J. Yang, Y. Song, L. Cao, J. Luo, and L. Li, "Learning from limited samples: Towards robust deep neural networks for Android malware detection," IEEE Transactions on Information Forensics and Security, vol. 15, pp. 2288-2301, 2020.
T. Wang, Y. Li, G. Wang, J. Cao, M. Z. A. Bhuiyan, and W. Jia, "Sustainable and efficient data collection in cognitive mobile crowdsensing," IEEE Transactions on Sustainable Computing, vol. 4, no. 2, pp. 238-250, 2019.
H. Cai, N. Meng, B. Ryder, and D. Yao, "DroidCat: Effective Android malware detection and categorization via app-level profiling," IEEE Transactions on Information Forensics and Security, vol. 14, no. 6, pp. 1455-1470, 2019.
D. Krishna and S. P. Chepuri, "DeepDroid: Feature extraction using 3D-CNN for Android malware detection," in Proc. IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2022,pp. 3591-3595.
Z. Xu, K. Ren, and F. Song, "Android malware family classification based on ensemble learning," in Proc. IEEE Conference on Communications and Network Security (CNS), 2021, pp. 14-22.
L. Sun, Z. Li, Q. Yan, W. Srisa-an, and Y. Pan, "SigPID: Significant permission identification for Android malware detection," in Proc. 11th International Conference on Malicious and Unwanted Software (MALWARE), 2016, pp. 1-8.
K. Allix, T. F. Bissyandé, J. Klein, and Y. Le Traon, "AndroZoo: Collecting millions of Android apps for the research community," in Proc. 13th International Conference on Mining Software Repositories, 2016, pp. 468-471.
M. K. Alzaylaee, S. Y. Yerima, and S. Sezer, "DL- Droid: Deep learning based Android malware detection using real devices," Computers & Security, vol. 89, pp. 101663, 2020.
W. Li, Z. Wang, J. Cai, and S. Cheng, "An Android malware detection approach using weight-adjusted deep learning," in Proc. IEEE International Conference on Communications (ICC), 2021, pp. 1-6.
C. Yang, Z. Xu, G. Gu, V. Yegneswaran, and P. Porras, "DroidMiner: Automated mining and characterization of fine-grained behavior patterns in Android applications," in Proc. 21st ACM Conference on
Computer and Communications Security, 2014, pp. 885- 896.
D. Arp, E. Quiring, F. Pendlebury, A. Warnecke, F. Pierazzi, C. Wressnegger, L. Cavallaro, and K. Rieck, "Dos and don'ts of machine learning in computer security," in Proc. 31st USENIX Security Symposium, 2022, pp. 3971-3988.
F. Pendlebury, F. Pierazzi, R. Jordaney, J. Kinder, and L. Cavallaro, "TESSERACT: Eliminating experimental bias in malware classification across space and time," in Proc. 28th USENIX Security Symposium, 2019, pp. 729-746.
A. Narayanan, M. Chandramohan, L. Chen, and Y. Liu, "A multi-view context-aware approach to Android malware detection and malicious code localization," Empirical Software Engineering, vol. 23, no. 3, pp. 1222-1274, 2018.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Chappati Jahnavi, S. Srinivasa Rao
This work is licensed under a Creative Commons Attribution 4.0 International License.
You are free to:
- Share — copy and redistribute the material in any medium or format
- Adapt — remix, transform, and build upon the material for any purpose, even commercially.
Terms:
- Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
- No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.
