Android malware classification using convolutional neural network and LSTM
Published in: | Journal of Computer Virology and Hacking Techniques 2021-12, Vol.17 (4), p.307-318 |
---|---|
Main Authors: | , , |
Format: | Article |
Language: | English |
Subjects: | |
Summary: | Hand phone devices are the latest technological developments of the 20th century. There is an increasing number of phishing, sniffing and other kinds of attacks in this field of technology. Although signature-based methods are usable, they are not very reliable when faced with new kinds of malware, and they are neither accurate nor sufficient. Furthermore, signature-based methods cannot efficiently detect rapid malware behavior changes. Our classification process consists not only of analyzing the source code using Jadx but also of analyzing applications and extracting useful features. Two kinds of analysis are used, static and dynamic. We concentrate on Android malware classification using Call-Graphs, and moreover on generating Call-Graphs for both classes.dex and lib.so files, which have not been worked on before. The proposed method for classification is CNN-LSTM. Since this method is a reasonable choice to learn complex and sequential features, it benefits from both a convolutional neural network and long short-term memory, which is a type of recurrent neural network. In this method a Sequential Neural Network is designed to do sequence classification as well as conduct a set of experiments on malware detection. In conclusion, CNN-LSTM is compared with several classification methods like Convolutional Neural Network (CNN), Support Vector Machine (SVM), Naive Bayes, Random Forest, and other methods. The obtained results show that our method is more effective, efficient, and reliable than the others, even when using the same hardware and dataset. |
---|---|
ISSN: | 2263-8733 |
DOI: | 10.1007/s11416-021-00385-z |