Using Deep Neural Networks For Android Malware Detection

The pervasiveness of the Android operating system with the availability of applications for almost everything that is readily accessible in the official Google Play store or a dozen alternative third-party markets.Additionally,the vital role of smartphones in modern life leads to store significant information on devices,not only personal information but also corporate information.Hence,all these mobile devices,along with the abundance of critical information stored with them,have necessarily been propelled to the development of malware targeting Android mobile O.S.Malware could add charges to phone bills,send unsought messages to the contact list,collect a user's information,or provide an attacker control over the device.The first defense against Android malware is Play Protect in the official Google Play store,which can be verified when downloading apps and APK files using Google's official store or third-party stores.Another defense mechanism is Android Antivirus,which relies on signature-based databases for malware detection.Although signature-based antivirus software can effectively identify known malware,they cannot distinguish between new malware.To counter the signature-based limitations,heuristic scanning was developed to investigate commands that might imply malicious intent.But malware can escape heuristic scanning by blocking its malicious behavior.The increasing complexity of Android malware requires a new detection strategy.This paper proposes to use deep learning to detect Android malware,to find some patterns through deep learning to identify previously unobserved malware and to obtain a malware detection for Android.New effective solution.Specific research work includes:First,using static malware analysis to draw out five different features from AndroidManifest.xml file and java files namely:Permission combinations,Intent Filters,API Calls,Invalid certificate,and Presence of APK files in the asset folder.These features will be used to construct a feature vector.Second,Android malware detection algorithm based on three hidden layers deep neural network(DNN)is proposed.By using the feature vector of Android applications as a sample to train the DNN,it is possible to identify whether the Android application is malicious or not.The experimental results show that the accuracy of this method is 95.31%,which is higher than the existing shallow learning method and 9 deep neural network-based Android malware detection algorithms in the literature.Third,in order to solve the problem of the small number of samples of the labeled Android malware,the semi-supervised learning Android malware detection algorithm based on Autoencoder is further proposed.Different from other researchers' methods,this dissertation uses Autoencoder as a classifier.The labeled and unlabeled samples train the Autoencoder,increasing the accuracy to 96.81%,which is higher than the three-layer deep neural network.Finally,a recent dataset containing benign apps belonging to different categories in the Google Play store and malicious applications representing different malware types were collected.a comprehensive test of the system that includes evaluating the system performance with different features set,comparing the performance of the DNN with common machine learning methods,and comparison with some other work in the literature,uncovered that the proposed system can identify malware with high accuracy,even better than many recent works.