An adaptive semi-supervised deep learning-based framework for the detection of Android malware

Article type: Research Article

Authors: Wajahat, Ahsan^{a; b; 1; *} | He, Jingsha^{a; 2} | Zhu, Nafei^{a; 3} | Mahmood, Tariq^{c; 4} | Nazir, Ahsan^a | Pathan, Muhammad Salman^d | Qureshi, Sirajuddin^a | Ullah, Faheem^a

Affiliations: [a] Faculty of Information Technology, Beijing University of Technology, Beijing, Beijing, China | [b] Department of Computer Science, Lasbela University of Agriculture Water and Marine Sciences, Lasebla, Pakistan | [c] Faculty of Information Sciences, University of Education, Vehari Campus, Vehari, Pakistan | [d] Department of Computer Sciences Maynooth University, Ireland

Correspondence: [*] Corresponding author. Ahsan Wajahat, Faculty of Information Technology, Beijing University of Technology, Beijing, 100124, Beijing, China. E-mail: [email protected].

Note: [1] Ahsan Wajahat. Orcid: 0000-0003-4848-5281.

Note: [2] Jingsha He. Orcid: 0000-0002-8122-8052.

Note: [3] Nafei Zhu. Orcid: 0000-0003-4036-0724.

Note: [4] Tariq Mahmood. Orcid: 0000-0002-4299-7756.

Abstract: Positive developments in smartphone usage have led to an increase in malicious attacks, particularly targeting Android mobile devices. Android has been a primary target for malware exploiting security vulnerabilities due to the presence of critical applications, such as banking applications. Several machine learning-based models for mobile malware detection have been developed recently, but significant research is needed to achieve optimal efficiency and performance. The proliferation of Android devices and the increasing threat of mobile malware have made it imperative to develop effective methods for detecting malicious apps. This study proposes a robust hybrid deep learning-based approach for detecting and predicting Android malware that integrates Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM). It also presents a creative machine learning-based strategy for dealing with unbalanced datasets, which can mislead the training algorithm during classification. The proposed strategy helps to improve method performance and mitigate over- and under-fitting concerns. The proposed model effectively detects Android malware. It extracts both temporal and spatial features from the dataset. A well-known Drebin dataset was used to train and evaluate the efficacy of all creative frameworks regarding the accuracy, sensitivity, MAE, RMSE, and AUC. The empirical finding proclaims the projected hybrid ConvLSTM model achieved remarkable performance with an accuracy of 0.99, a sensitivity of 0.99, and an AUC of 0.99. The proposed model outperforms standard machine learning-based algorithms in detecting malicious apps and provides a promising framework for real-time Android malware detection.

Keywords: Android malware detection, deep learning, CNN, LSTM, Drebin dataset

DOI: 10.3233/JIFS-231969

Journal: Journal of Intelligent & Fuzzy Systems, vol. 45, no. 3, pp. 5141-5157, 2023