Syed Ibrahim Imtiaz,Saif ur Rehman,Abdul Rehman Javed,Zunera Jalil,Xuan Liu,Waleed S. Alnumay

DOI: https://doi.org/10.1016/j.future.2020.10.008

2021-01-01

Abstract:Android smartphones are being utilized by a vast majority of users for everyday planning, data exchanges, correspondences, social interaction, business execution, bank transactions, and almost in each walk of everyday lives. With the expansion of human reliance on smartphone technology, cyberattacks against these devices have surged exponentially. Smartphone applications use permissions to utilize various functionalities of the smartphone that can be maneuvered to launch an attack or inject malware by hackers. Existing studies present various approaches to detect Android malware but lack early detection and identification. Accordingly, there is a dire need to craft an efficient mechanism for malicious applications’ detection before they exploit the data. In this paper, a novel approach DeepAMD to defend against real-world Android malware using deep Artificial Neural Network (ANN) has been adopted including an efficiency comparison of DeepAMD with conventional machine learning classifiers and state-of-the-art studies based on performance measures such as accuracy, recall, f-score, and precision. As per the experimental analysis, DeepAMD outperforms other approaches in detecting and identifying malware attacks on both Static as well as Dynamic layers. On the Static layer, DeepAMD achieves the highest accuracy of 93.4% for malware classification, 92.5% for malware category classification, and 90% for malware family classification. On the Dynamic layer, DeepAMD achieves the highest accuracy of 80.3% for malware category classification and 59% for malware family classification in comparison with the state-of-the-art techniques.

Dongfang Li,Zhaoguo Wang,Yibo Xue

DOI: https://doi.org/10.1109/ICACCE.2018.8441737

2018-01-01

Abstract:The security issue of Android Smart Phones has been most concerned by the users these years. We propose a novel method to extract exhaustive features from Android applications and use the deep-learning-based method to detect malicious applications. Then we implement an automatic detection engine, DeepDetector, to detect malicious applications. Furthermore, the detection model can identify the fine-grained malware family at the same time. We conducted the evaluation and analysis with thousands of malicious applications and benign applications from a public dataset. The results show that DeepDetector can detect 97% of the malware at 0.1 % false positive rate (FPR) and achieves a 96% precision when showing the detailed malware families. Besides, the relationship between the detection performance and the architecture of the neural network is also discussed in our work.

Hui-Juan Zhu,Liang-Min Wang,Sheng Zhong,Yang Li,Victor S. Sheng,Huijuan Zhu,Liangmin Wang

DOI: https://doi.org/10.1109/tkde.2021.3067658

IF: 9.235

2021-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Android is a growing target for malicious software (malware) because of its popularity and functionality. Malware poses a serious threat to users' privacy, money, equipment and file integrity. A series of data-driven malware detection methods were proposed. However, there exist two key challenges for these methods: (1) how to learn effective feature representation from raw data; (2) how to reduce the dependence on the prior knowledge or human labors in feature learning. Inspired by the success of deep learning methods in the feature representation learning community, we propose a malware detection framework which starts with learning rich-features by a novel unsupervised feature learning algorithm Merged Sparse Auto-Encoder (MSAE). In order to extract more compact and discriminative feature from the rich-features to further boost the malware detection capability, a hybrid deep network learning algorithm Stacked Hybrid Learning MSAE and SDAE (SHLMD) is established by further incorporating a classical deep learning method Stacked Denoising Auto-encoders (SDAE). After that, we feed the feature learned by MSAE and SHLMD respectively to classification algorithms, e.g., Support Vector Machine (SVM) or K-NearestNeighbor (KNN), to train a malware detection model. Evaluation results on two real-world datasets demonstrate that SHLMD achieves 94.46 and 90.57 percent accuracy respectively, which outperforms the classical unsupervised feature representation learning Sparse Auto-encoder (SAE). MSAE performs similarly to SAE. SHLMD can further improve the performance of MSAE and the supervised fine-tuned method SDAE. Besides, we compare the performance of our methods with that of state-of-the-art detection approaches, including classical deep-learning-based methods. Extensive experiments show that our proposed methods are effective enough to detect Android malware.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Jiayin Feng,Limin Shen,Zhen Chen,Yuying Wang,Hui Li

DOI: https://doi.org/10.1109/access.2020.3008081

IF: 3.9

2020-01-01

IEEE Access

Abstract:Because of the characteristic of openness and flexibility, Android has become the most popular mobile platform. However, it has also become the most targeted system by mobile malware. It is necessary for the users to have a fast and reliable detection method. In this paper, a two-layer method is proposed to detect malware in Android APPs. The first layer is permission, intent and component information based static malware detection model. It combines the static features with fully connected neural network to detect the malware and test its effectiveness through experiment, the detection rate of the first layer is 95.22%. Then the result (benign APPs from the first layer) is input into the second layer. In the second layer, a new method CACNN which cascades CNN and AutoEncoder, is used to detect malware through network traffic features of APPs. The detection rate of the second layer is 99.3% in binary classification (2-classifier). Moreover, the new two-layer model can also detect malware by its category (4-classifier) and malicious family (40-classifier). The detection rates are 98.2% and 71.48% respectively. The experimental results show that our two-layer method not only can achieve semi-supervise learning, but also can effectively improve the detection rate of malicious Android APPs.

Ahsan Wajahat,Jingsha He,Nafei Zhu,Tariq Mahmood,Ahsan Nazir,Muhammad Salman Pathan,Sirajuddin Qureshi,Faheem Ullah

DOI: https://doi.org/10.3233/jifs-231969

2023-01-01

Journal of Intelligent & Fuzzy Systems

Abstract:Positive developments in smartphone usage have led to an increase in malicious attacks, particularly targeting Android mobile devices. Android has been a primary target for malware exploiting security vulnerabilities due to the presence of critical applications, such as banking applications. Several machine learning-based models for mobile malware detection have been developed recently, but significant research is needed to achieve optimal efficiency and performance. The proliferation of Android devices and the increasing threat of mobile malware have made it imperative to develop effective methods for detecting malicious apps. This study proposes a robust hybrid deep learning-based approach for detecting and predicting Android malware that integrates Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM). It also presents a creative machine learning-based strategy for dealing with unbalanced datasets, which can mislead the training algorithm during classification. The proposed strategy helps to improve method performance and mitigate over- and under-fitting concerns. The proposed model effectively detects Android malware. It extracts both temporal and spatial features from the dataset. A well-known Drebin dataset was used to train and evaluate the efficacy of all creative frameworks regarding the accuracy, sensitivity, MAE, RMSE, and AUC. The empirical finding proclaims the projected hybrid ConvLSTM model achieved remarkable performance with an accuracy of 0.99, a sensitivity of 0.99, and an AUC of 0.99. The proposed model outperforms standard machine learning-based algorithms in detecting malicious apps and provides a promising framework for real-time Android malware detection.

Ahsan Wajahat,Jingsha He,Nafei Zhu,Tariq Mahmood,Ahsan Nazir,Faheem Ullah,Sirajuddin Qureshi,Musa Osman

DOI: https://doi.org/10.3233/idt-230284

2024-01-01

Abstract:With the rise in the use of Android smartphones, there has been a proportional surge in the proliferation of malicious applications (apps). As mobile phone users are at a heightened risk of data theft, detecting malware on Android devices has emerged as a pressing concern within the realm of cybersecurity. Conventional techniques, such as signature-based routines, are no longer sufficient to safeguard users from the continually evolving sophistication and swift behavioral modifications of novel varieties of Android malware. Hence, there has been a significant drive in recent times towards leveraging machine learning (ML) models and methodologies to identify and generalize malicious behavioral patterns of mobile apps for detecting malware. This paper proposes Deep learning (DL) based on new and highly reliable classifier, deep neural decision forest (DNDF) for detecting Android malware. Two datasets were used: Drebin and 2014 for comparison with previous studies, and TUANDROMD collected in 2021 for detecting the latest threats with advanced obfuscation and morphing techniques. We have also calculated the time-consuming and computational resources taken by our classifier. After conducting a thorough performance evaluation, our proposed approach attained impressive results on two datasets. The empirical findings reveal that the proposed DBN and DNDF models demonstrated exceptional performance, achieving an accuracy of 99%, a sensitivity of 1, and an AUC value of 0.98%. The metrics we obtained are comparable to those of state-of-the-art ML-based Android malware detection techniques and several commercial antivirus engines.

Tianshi Mu,Huajun Chen,Jinran Du,Aidong Xu

DOI: https://doi.org/10.1109/imcec46724.2019.8983860

2019-01-01

Abstract:With the in-depth development of the Internet industry, the mobile Internet has been effectively integrated into daily work. However, Android has many extremely serious security issues. In our work, we apply text classification technology to the detection of Android malware, based on the deep learning. We extract the Android malware API sequence based on the Cuckoo sandbox, and use the text processing technology to solve the detection problem of Android malware. To evaluating the performance of our system, we compared it with Dalvik based on the Bi-LSTM. The accuracy of API extraction method using Cuckoo is higher than Dalvik, reaching the accuracy of 96.74%. To further verify the effects of different models, we compared it with GRU, BGRU and LSTM using Cuckoo Sandbox as API extraction method. The result demonstrate the Bi-LSTM has the highest accuracy.

Wei Gu,Hongyan Xing,Tianhao Hou

DOI: https://doi.org/10.1049/cmu2.12754

IF: 1.345

2024-04-29

IET Communications

Abstract:An Android malware detection framework, AMERDroid, is proposed. A novel deep network, AMERNet, is designed to learn informative features. A dataset (8,981 benign and 7,896 malware) is constructed. Due to its open source and large user base, Android has emerged as the most popular operating system. Android's popularity and openness have made it a prime target for malicious attackers. Permissions have received great attention from researchers because of their effectiveness in restricting applications' access to sensitive resources. However, existing malware detection methods based on permissions are easily bypassed by inter‐application resource access. To address these issues, we combine inter‐application resource access‐related intent features with permission features. Besides, we designed a customized convolutional neural network using two squeeze‐and‐excitation blocks to learn the inherent relationships between multi‐type features. The two basic SE blocks perform squeezing operations based on average pooling and max pooling, respectively, to compute channel‐wise attention from multiple perspectives. We designed a series of experiments based on real‐world samples to evaluate the efficacy of the proposed framework. Empirical results demonstrate that our framework outperforms state‐of‐the‐art methods, achieving an accuracy of 96.29%, precision of 97.52%, recall of 94.63%, F1‐score of 96.06% and MCC of 92.60%. These promising experimental results consistently demonstrate that AMERDroid is an effective approach for Android malware detection.

engineering, electrical & electronic

Fang Wenbo,Zhang Linlin,Wang Chenyue,Hu Yingjie,Yu Yuaner,Zhao Kai

DOI: https://doi.org/10.1109/dasc-picom-cbdcom-cyberscitech49142.2020.00052

2020-01-01

Abstract:With the continuous expansion of the Android operating system and the market for mobile apps continues to expand, the number of malwares designed for Android is also exploding. Therefore, identifying and detecting malware becomes a challenging task in mobile security. Because of the low detection efficiency by using traditional machine learning methods, we propose a novel Android malware detection method based on multi-model deep learning. Specifically, we select four features of permissions, API, Intent, and hardware components to build the feature vector for each app. In our study, we uses three different deep learning models: DNN (1st Model), Attention-CNN (2nd Model) and Attention-CNN-GRU (3rd Model). When the 1st model and the 2nd model are trained to achieve the optimal classification effect, the parameters of the optimal model training are selected as the input of the 3rd model. Finally, we evaluate the performance of our method on 5,560 malicious and 16,666 benign datasets. The experimental results show that the accuracy of the proposed detection method is 98.74%, which has an obvious competitive advantage over other methods.

Niall McLaughlin,Jesus Martinez del Rincon,BooJoong Kang,Suleiman Yerima,Paul Miller,Sakir Sezer,Yeganeh Safaei,Erik Trickel,Ziming Zhao,Adam Doupé,Gail Joon Ahn

DOI: https://doi.org/10.1145/3029806.3029823

2017-03-22

Abstract:In this paper, we propose a novel android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods, as the network is trained end-to-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram like features, not computationally feasible with existing methods. Once trained, the network can be efficiently executed on a GPU, allowing a very large number of files to be scanned quickly.

Yi Zhang,Yuexiang Yang,Xiaolei Wang

DOI: https://doi.org/10.1145/3199478.3199492

2018-01-01

Abstract:With the explosive growth of Android malware, there is a pressure for us to improve the performance of existing malware detection approaches. In this paper, we proposed DeepClassifyDroid, a novel android malware detection system based on deep learning. DeepClassifyDroid takes a three-step approach: feature extraction, feature embedding and deep learning based detection. The first and second steps perform a broad static analysis and generate five different feature sets. The last step performs malware detection based on convolutional neural networks. We evaluated our approach with different feature sets and compared with a variety of machine learning based approaches. Study shows that DeepClassifyDroid outperforms most existing machine learning based approaches and detects 97.4% of the malware with few false alarms. Moreover, our approach is 10 times faster than Linear-SVM and 80 times faster than kNN.

Wei Gu,Hongyan Xing,Tianhao Hou

DOI: https://doi.org/10.1049/2024/2850804

2024-02-17

IET Information Security

Abstract:The continuous malicious attacks on Internet of Things devices pose a potential threat to the economic and private information security of end-users, especially on the dominant Android devices. Combining static analysis methods with deep Learning is a promising approach to defend against that. This kind of method has two limitations: the first is that the current single-permission mechanism is not insufficient to regulate interapplication resource acquisition; another problem is that current work on feature learning is dedicated to modifying a single network structure, which may result in a suboptimal solution. In this study, to solve the abovementioned problems, we propose a novel malware detection framework MFEMDroid, which combines multitype features analysis and ensemble modeling. The Provider feature, facilitating information requests between applications (apps) and serving as an indispensable data storage method, plays a vital role in characterizing app behavior. Hence, we extract permissions and Provider features to comprehensively characterize app behavior and probe potentially dangerous combinations between or within these features. To address oversparse datasets and reduce feature learning overhead, we employ an auto-encoder for feature dimensionality reduction. Furthermore, we design an ensemble network based on SENet, ResNet, and the evolutionary convolutional neural network Squeeze Excitation Residual Network (SEResNet) to explore the hidden associations between different types of features from multiple perspectives. We performed extensive experiments to evaluate its method performance on real-world samples. The evaluation results demonstrate that the proposed framework can detect malware with an accuracy of 95.38%, which is much better than state-of-the-art solutions. These promising experimental results show that MFEMDroid is an effective approach to detect Android malware.

computer science, information systems, theory & methods

Xin Su,Dafang Zhang,Wenjia Li,Kai Zhao

DOI: https://doi.org/10.1109/TrustCom.2016.69

2016-01-01

Abstract:The growing amount and diversity of Android malware has significantly weakened the effectiveness of the conventional defense mechanisms, and thus Android platform often remains unprotected from new and unknown malware. To address these limitations, we propose DroidDeep, a malware detection approach for the Android platform based on the deep learning model. Deep learning emerges as a new area of machine learning research that has attracted increasing attention in artificial intelligence. To implement this, we first extract five types of features from the static analysis of Android apps. Then, we build the deep learning model to learn features from Android apps. Finally, the learned features are used to detect unknown Android malware. In an experiment with 3,986 benign apps and 3,986 malware, DroidDeep outperforms several existing malware detection approaches and achieves a 99.4% detection accuracy. Moreover, DroidDeep can achieve a remarkable run-time efficiency which makes it very easy to adapt to a lager scale of real-world Android malware detection.

Ruitao Feng,Sen Chen,Xiaofei Xie,Guozhu Meng,Shang-Wei Lin,Yang Liu

DOI: https://doi.org/10.1109/TIFS.2020.3025436

2020-09-03

Abstract:Currently, Android malware detection is mostly performed on server side against the increasing number of malware. Powerful computing resource provides more exhaustive protection for app markets than maintaining detection by a single user. However, apart from the applications provided by the official market, apps from unofficial markets and third-party resources are always causing serious security threats to end-users. Meanwhile, it is a time-consuming task if the app is downloaded first and then uploaded to the server side for detection, because the network transmission has a lot of overhead. In addition, the uploading process also suffers from the security threats of attackers. Consequently, a last line of defense on mobile devices is necessary and much-needed. In this paper, we propose an effective Android malware detection system, MobiTive, leveraging customized deep neural networks to provide a real-time and responsive detection environment on mobile devices. MobiTive is a preinstalled solution rather than an app scanning and monitoring engine using after installation, which is more practical and secure. Original deep learning models cannot be directly deployed and executed on mobile devices due to various performance limitations, such as computation power, memory size, and energy. Therefore, we evaluate and investigate the following key points:(1) the performance of different feature extraction methods based on source code or binary code;(2) the performance of different feature type selections for deep learning on mobile devices;(3) the detection accuracy of different deep neural networks on mobile devices;(4) the real-time detection performance and accuracy on different mobile devices;(5) the potential based on the evolution trend of mobile devices' specifications; and finally we further propose a practical solution (MobiTive) to detect Android malware on mobile devices.

Cryptography and Security,Software Engineering

Lichao Zhao,Dan Li,Guangcong Zheng,Wenbo Shi

DOI: https://doi.org/10.1109/icct.2018.8600052

2018-01-01

Abstract:Malware detection is more challenging due to the increase in android malicious programs and the current problems of android malicious detection. This paper proposes an android mobile malware detection system based on deep neural network, a novel malware detection method which uses optimized deep Convolutional Neural Network to learn from opcode sequences. In the proposed detection system, the optimized Convolutional Neural Network is trained multiple times by the raw operation code sequence extracted from the decompiled android file, so that the feature information can be effectively learned and the malicious program can be detected more accurately. More critically, the k-max pooling method with better results was adopted in the pooling operation phase, and which improves the detection effect of the proposed method. The experimental results show that the detection system achieved the accuracy of 99%, which is 2%-11 % higher than the accuracy of the machine learning detection algorithms when using the same dataset. It also ensures that the indicators such as Fl-score, Recall and Precision are maintained above 97%.

Shi Dong,Longhui Shu,Shan Nie

DOI: https://doi.org/10.1109/tii.2024.3363016

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:With the continuous upgrading and development of malware attack methods, traditional detection methods have shown a series of serious problems such as low classification accuracy, easy overfitting, and high false alarm rate when facing new malware attacks. To address these challenges, this study introduces an innovative deep convolutional neural network (D-CNN) method that cleverly integrates permission features and API call graphs. Learn high-level abstract representation through DNN and combine it with CNN to build multiscale feature representation, aiming to improve the performance of the detection model and enhance the resistance to new malicious attacks. In order to ensure the standardization and representativeness of the data, the Min–Max method is first used to normalize the permission characteristics to ensure the standardization of the data. Second, the ant colony optimization method is used to achieve dimensionality reduction and prevent over-fitting. This article conducts experiments on Drebin and Google Play Store datasets. The results prove that the hybrid structure of D-CNN exhibits a deeper understanding of the data structure and achieves an accuracy of 96.80%, enabling more comprehensive and accurate malware detection and classification. It outperforms single deep learning methods in detection performance.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Yanfang Ye,Shifu Hou,Lingwei Chen,Jingwei Lei,Wenqiang Wan,Jiabin Wang,Qi Xiong,Fudong Shao

DOI: https://doi.org/10.48550/arXiv.1811.01027

2019-05-21

Abstract:The explosive growth and increasing sophistication of Android malware call for new defensive techniques that are capable of protecting mobile users against novel threats. In this paper, we first extract the runtime Application Programming Interface (API) call sequences from Android apps, and then analyze higher-level semantic relations within the ecosystem to comprehensively characterize the apps. To model different types of entities (i.e., app, API, IMEI, signature, affiliation) and the rich semantic relations among them, we then construct a structural heterogeneous information network (HIN) and present meta-path based approach to depict the relatedness over apps. To efficiently classify nodes (e.g., apps) in the constructed HIN, we propose the HinLearning method to first obtain in-sample node embeddings and then learn representations of out-of-sample nodes without rerunning/adjusting HIN embeddings at the first attempt. Afterwards, we design a deep neural network (DNN) classifier taking the learned HIN representations as inputs for Android malware detection. A comprehensive experimental study on the large-scale real sample collections from Tencent Security Lab is performed to compare various baselines. Promising experimental results demonstrate that our developed system AiDroid which integrates our proposed method outperforms others in real-time Android malware detection. AiDroid has already been incorporated into Tencent Mobile Security product that serves millions of users worldwide.

Cryptography and Security,Machine Learning

Zhenlong Yuan,Yongqiang Lu,Yibo Xue

DOI: https://doi.org/10.1109/tst.2016.7399288

2016-01-01

Tsinghua Science & Technology

Abstract:Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares are hidden in a large number of benign apps in Android markets that seriously threaten Android security. Deep learning is a new area of machine learning research that has gained increasing attention in artificial intelligence. In this study, we propose to associate the features from the static analysis with features from dynamic analysis of Android apps and characterize malware using deep learning techniques. We implement an online deep-learning-based Android malware detection engine (DroidDetector) that can automatically detect whether an app is a malware or not. With thousands of Android apps, we thoroughly test DroidDetector and perform an indepth analysis on the features that deep learning essentially exploits to characterize malware. The results show that deep learning is suitable for characterizing Android malware and especially effective with the availability of more training data. DroidDetector can achieve 96.76% detection accuracy, which outperforms traditional machine learning techniques. An evaluation of ten popular anti-virus softwares demonstrates the urgency of advancing our capabilities in Android malware detection.

Muhammad Amin,Babar Shah,Aizaz Sharif,Tamleek Ali,Ki-Il Kim,Sajid Anwar

DOI: https://doi.org/10.1002/ett.3675

IF: 3.6

2019-07-15

Transactions on Emerging Telecommunications Technologies

Abstract:<p>Mobile and cell devices have empowered end users to tweak their cell phones more than ever and introduce applications just as we used to with personal computers. Android likewise portrays an uprise in mobile devices and personal digital assistants. It is an open‐source versatile platform fueling incalculable hardware units, tablets, televisions, auto amusement frameworks, digital boxes, and so forth. In a generally shorter life cycle, Android also has additionally experienced a mammoth development in application malware. In this context, a toweringly large measure of strategies has been proposed in theory for the examination and detection of these harmful applications for the Android platform. These strategies attempt to both statically reverse engineer the application and elicit meaningful information as features manually or dynamically endeavor to quantify the runtime behavior of the application to identify malevolence. The overgrowing nature of Android malware has enormously debilitated the support of protective measures, which leaves the platforms such as Android feeble for novel and mysterious malware. Machine learning is being utilized for malware diagnosis in mobile phones as a common practice and in Android distinctively. It is important to specify here that these systems, however, utilize and adapt the learning‐based techniques, yet the overhead of hand‐created features limits ease of use of such methods in reality by an end user. As a solution to this issue, we mean to make utilization of deep learning–based algorithms as the fundamental arrangement for malware examination on Android. Deep learning turns up as another way of research that has bid the scientific community in the fields of vision, speech, and natural language processing. Of late, models set up on deep convolution networks outmatched techniques utilizing handmade descriptive features at various undertakings. Likewise, our proposed technique to cater malware detection is by design a deep learning model making use of generative adversarial networks, which is responsible to detect the Android malware via famous two‐player game theory for a rock‐paper‐scissor problem. We have used three state‐of‐the‐art datasets and augmented a large‐scale dataset of opcodes extracted from the Android Package Kit bytecode and used in our experiments. Our technique achieves F1 score of 99% with a receiver operating characteristic of 99% on the bytecode dataset. This proves the usefulness of our technique and that it can generally be adopted in real life.</p>

telecommunications

Wei Wang,Mengxue Zhao,Jigang Wang

DOI: https://doi.org/10.1007/s12652-018-0803-6

IF: 3.662

2018-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:Android security incidents occurred frequently in recent years. To improve the accuracy and efficiency of large-scale Android malware detection, in this work, we propose a hybrid model based on deep autoencoder (DAE) and convolutional neural network (CNN). First, to improve the accuracy of malware detection, we reconstruct the high-dimensional features of Android applications (apps) and employ multiple CNN to detect Android malware. In the serial convolutional neural network architecture (CNN-S), we use Relu, a non-linear function, as the activation function to increase sparseness and “dropout” to prevent over-fitting. The convolutional layer and pooling layer are combined with the full-connection layer to enhance feature extraction capability. Under these conditions, CNN-S shows powerful ability in feature extraction and malware detection. Second, to reduce the training time, we use deep autoencoder as a pre-training method of CNN. With the combination, deep autoencoder and CNN model (DAE-CNN) can learn more flexible patterns in a short time. We conduct experiments on 10,000 benign apps and 13,000 malicious apps. CNN-S demonstrates a significant improvement compared with traditional machine learning methods in Android malware detection. In details, compared with SVM, the accuracy with the CNN-S model is improved by 5%, while the training time using DAE-CNN model is reduced by 83% compared with CNN-S model.