Visualising Static Features and Classifying Android Malware Using a Convolutional Neural Network Approach


Creative Commons License

Kiraz Ö., DOĞRU İ. A.

Applied Sciences (Switzerland), vol.14, no.11, 2024 (SCI-Expanded) identifier

  • Publication Type: Article / Article
  • Volume: 14 Issue: 11
  • Publication Date: 2024
  • Doi Number: 10.3390/app14114772
  • Journal Name: Applied Sciences (Switzerland)
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Aerospace Database, Agricultural & Environmental Science Database, Applied Science & Technology Source, Communication Abstracts, INSPEC, Metadex, Directory of Open Access Journals, Civil Engineering Abstracts
  • Keywords: Android, Android malware, Android security, BERT, CNN, deep learning, machine learning, static analysis
  • Gazi University Affiliated: Yes

Abstract

Android phones are widely recognised as the most popular mobile phone operating system. Additionally, tasks like browsing the internet, taking pictures, making calls, and sending messages may be completed with ease in daily life because of the functionality that Android phones offer. The number of situations in which users are harmed by unauthorised access to data emerging from these processes is growing daily. Because the Android operating system is open source and generated applications are not thoroughly reviewed before being released onto the market, this scenario has been the primary focus of hackers. Therefore, technologies to distinguish between malware and benign Android applications are required. CNN-based techniques are proven to produce important and successful outcomes when applied to Android malware detection on images. The CICMalDroid 2020 dataset, which is currently utilised in the literature, was used for this purpose. The features of the apps in the dataset were obtained using the AndroPyTool tool, and faster analysis files of 17,089 Android applications were obtained using the parallel execution technique. Permissions, intents, receivers, and services were used as static analysis features in this article. After these features were obtained, as data preprocessing, the ones with a grand total equal to 1 for each feature in the whole dataset were excluded in order to exclude the features that were specially created by the applications themselves. For each of the features specified for each application, a comma-separated text was obtained according to the usage status of the application. The BERT method was used to digitise the pertinent texts in order to create a unique embedding vector for every feature. Following the digitisation of the vectors, picture files were produced based on the length of each feature. To create a single image file, these image files were combined side by side. Finally, these image files were classified with CNNs. Experimental results were obtained by applying CNNs to the dataset used in the study. As a result of the experiments, a CNN with two outputs provided the highest performance with an accuracy of 91%, an F1-score of 89%, a Recall of 90%, and a Precision of 91%.