Qing Yang,Xiaoliang Wang,Jing Zheng,Wenqi Ge,Ming Bai,Frank Jiang

DOI: https://doi.org/10.3837/tiis.2021.06.014

2021-01-01

KSII Transactions on Internet and Information Systems

Abstract:With the rapid development of mobile Internet, smart phones have been widely popularized, among which Android platform dominates. Due to it is open source, malware on the Android platform is rampant. In order to improve the efficiency of malware detection, this paper proposes deep learning Android malicious detection system based on behavior features. First of all, the detection system adopts the static analysis method to extract different types of behavior features from Android applications, and extract sensitive behavior features through Term frequency-inverse Document Frequency algorithm for each extracted behavior feature to construct detection features through unified abstract expression. Secondly, Long Short-Term Memory neural network model is established to select and learn from the extracted attributes and the learned attributes are used to detect Android malicious applications, Analysis and further optimization of the application behavior parameters, so as to build a deep learning Android malicious detection method based on feature analysis. We use different types of features to evaluate our method and compare it with various machine learning-based methods. Study shows that it outperforms most existing machine learning based approaches and detects 95.31% of the malware.

Ruihai Ge,Yongzheng Zhang,Shuhao Li,GuoQiao Zhou

DOI: https://doi.org/10.1109/ijcnn55064.2022.9892476

2022-01-01

Abstract:The desperate increase of mobile malware has constituted a severe threat to user privacy, economic life, and cyberspace security. Existing anti-malware solutions have notice-able weaknesses due to the adoption of content analysisbased approaches. The main limitation of these approaches is that they rely on careful expert engineering and professional handcrafted input features. Some researchers have tried to solve this limitation by using deep learning models to automatically learn feature representations from raw traffic. In this paper, we explore a deep learning detection framework based on self-attention to discriminate between malicious and benign network traffic. As a major advantage with respect to the state-of-the-art methods, we point out that the attention mechanism can better learn the underlying features of malicious traffic in terms of flows and bytes. We design a dual-branch deep learning method that consists of a flow importance-discrimination branch and a byte importance-discrimination branch. The flow importance-discrimination branch calculates the attentions between flows to obtain the feature contributions of different flows, and the byte importance-discrimination branch builds the feature contributions of diverse bytes by considering the connections among all bytes of network payload. Both flow features and byte features are combined to enhance the representation ability of network traffic behaviors generated by mobile applications (apps). We evaluate proposed method using a publicly available dataset including 55,992 malicious traffic traces and 47,779 benign traffic traces. The experimental results demonstrate that our method is able to identify malicious apps with high accuracy, outperforming the baseline methods and the popular deep-learning models.

Peng Yujie,Niu Weina,Zhang Xiaosong,Zhou Jie,Wu Hao,Chen Ruidong

DOI: https://doi.org/10.1109/iccwamtip51612.2020.9317489

2020-01-01

Abstract:Android security accidents frequently occurred in recent years. It has become an urgent need to propose a method for efficiently detecting and classifying Android malware. Many existing machine learning-based methods often require a lot of time for feature engineering, making it time-consuming to classify malware. To accurately and rapidly detect and classify Android malware, this paper proposes an end-to-end Android malware classification model based on traffic analysis and deep learning. The model uses traffic data generated during the Android APP's runtime as input. First, the traffic data will be processed by a third-party traffic removal module based on the idea of clustering to remove impurity traffic that is not conducive to the classification. Then the pure traffic is converted into pure traffic images which can represent traffic characteristics. Finally, a novel convolutional neural network model named 1.5D-CNN is applied to detect and classify malware by classifying these images. The model was trained and tested on a real Android traffic dataset named CICAndMal2017 which contains the traffic data of benign APPs and four types of malware, and it achieved an average accuracy of 98.5%. Compared with traditional machine learning methods, precision and recall both increased by more than 20 percentage points on average.

Jiayin Feng,Limin Shen,Zhen Chen,Yuying Wang,Hui Li

DOI: https://doi.org/10.1109/access.2020.3008081

IF: 3.9

2020-01-01

IEEE Access

Abstract:Because of the characteristic of openness and flexibility, Android has become the most popular mobile platform. However, it has also become the most targeted system by mobile malware. It is necessary for the users to have a fast and reliable detection method. In this paper, a two-layer method is proposed to detect malware in Android APPs. The first layer is permission, intent and component information based static malware detection model. It combines the static features with fully connected neural network to detect the malware and test its effectiveness through experiment, the detection rate of the first layer is 95.22%. Then the result (benign APPs from the first layer) is input into the second layer. In the second layer, a new method CACNN which cascades CNN and AutoEncoder, is used to detect malware through network traffic features of APPs. The detection rate of the second layer is 99.3% in binary classification (2-classifier). Moreover, the new two-layer model can also detect malware by its category (4-classifier) and malicious family (40-classifier). The detection rates are 98.2% and 71.48% respectively. The experimental results show that our two-layer method not only can achieve semi-supervise learning, but also can effectively improve the detection rate of malicious Android APPs.

Zhaoxuan Li,Ziming Zhao,Rui Zhang,Haoyang Lu,Wenhao Li,Fan Zhang,Siqi Lu,Rui Xue

DOI: https://doi.org/10.1016/j.comnet.2024.110563

IF: 5.493

2024-01-01

Computer Networks

Abstract:The continuous emergence of malware has threatened to the Android platform and user privacy. With the evolution of the Android system and malware, it is challenging to design a method that can accurately identify the categories of sophisticated malware, including known and unknown families, as well as their obfuscated variants, given that they may be newly emerging and lack available detection knowledge. Although some methods try to use anomaly detection and zero-shot technology to identify unseen applications, they are limited to binary classification or lack the robustness, stability, universality, and interpretability in multi-class identification. To this end, we first propose a generic meta-features mining algorithm, which can discover the potential relationships between samples belonging to the same category. Then we present metaNet, a novel method leveraging meta-features to identify sophisticated Android malware. Specifically, metaNet is mainly powered by four components: (i) mExtractor is a feature collector to obtain the static and dynamic features. (ii) mProcessor is taking unique meta-features of each category from extracted features. (iii) mLearner is a machine learning suite that leverages features and meta-features to design and train a classifier called HSU-Net. (iv) mEnforcer is a flexible deployer that identifies categories of malware families in the real world. We implement a prototype of metaNet with 15K lines of Python code and compare it with state-of-the-art (SOTA) methods. The results show that it can not only achieve superior performance in terms of known families (99.52% of accuracy) and unknown families (99.31% of accuracy trained with 80% known families) for binary classification, but also perform well in multi-class identification, i.e., 99.05% and 93.45% of accuracy for known and unknown families, respectively. Furthermore, we deploy and evaluate metaNet in the real world. It can identify applications over an acceptable time and memory overheads, i.e., average of 11.8s and 56MB per sample with a size of 8MB. Also, the few-shot detection and feature perturbation experiments reflect its robustness and stability benefiting from meta-features. Finally, we collect the traffic of 112 decentralized applications (DApps) belonging to 16 categories, such as finance and health, and evaluated metaNet in DApp identification. The results illustrate its applicability across various tasks. That is, it can accurately classify 94.6% and 81.36% of DApp flows in all-known and 80%-known DApp scenarios, respectively, outperforming the SOTA methods.

Chao Ding,Nurbol Luktarhan,Bei Lu,Wenhui Zhang

DOI: https://doi.org/10.3390/e23081009

2021-08-03

Abstract:With the popularity of Android, malware detection and family classification have also become a research focus. Many excellent methods have been proposed by previous authors, but static and dynamic analyses inevitably require complex processes. A hybrid analysis method for detecting Android malware and classifying malware families is presented in this paper, and is partially optimized for multiple-feature data. For static analysis, we use permissions and intent as static features and use three feature selection methods to form a subset of three candidate features. Compared with various models, including k-nearest neighbors and random forest, random forest is the best, with a detection rate of 95.04%, while the chi-square test is the best feature selection method. After using feature selection to explore the critical static features contained in this dataset, we analyzed a subset of important features to gain more insight into the malware. In a dynamic analysis based on network traffic, unlike those that focus on a one-way flow of traffic and work on HTTP protocols and transport layer protocols, we focused on sessions and retained protocol layers. The Res7LSTM model is then used to further classify the malicious and partially benign samples detected in the static detection. The experimental results show that our approach can not only work with fewer static features and guarantee sufficient accuracy, but also improve the detection rate of Android malware family classification from 71.48% in previous work to 99% when cutting the traffic in terms of the sessions and protocols of all layers.

Hanlin Long,Zhicheng Tian,Yang Liu

DOI: https://doi.org/10.1109/csp51677.2021.9357569

2021-01-01

Abstract:The mechanism of running software on virtual machines partly ensures the security of Android system. However, with all kinds of malicious codes being developed, there has been a huge number of massive security incidents caused by malware on Android. Malware has various code patterns, but their behaviors are measurable. In this paper, a new method of detecting Android malware by analyzing malware's behaviors is proposed. The method is characterized by the ability to mine the contextual relationships between system calls and network activities. Besides, the method requires only a small data set to achieve good classification performance. We propose a set of methods for automatically collecting and organizing dynamic features from Android application Based on the collected features, deep neural network is used to classify software samples. We validate the effectiveness of the proposed method on a set of 2210 applications obtained from Androzoo. The experimental results demonstrate that the proposed method has high detection accuracy against wild malware as compared with other methods. We propose a set of methods for automatically collecting and organizing dynamic features from Android application Based on the collected features, deep neural network is used to classify software samples. We validate the effectiveness of the proposed method on a set of 2210 applications obtained from Androzoo. The experimental results demonstrate that the proposed method has high detection accuracy against wild malware as compared with other methods.

Genchao Ye,Jian Zhang,Huanzhou Li,Zhangguo Tang,Tianzi Lv

DOI: https://doi.org/10.1155/2022/8893764

IF: 1.968

2022-03-16

Security and Communication Networks

Abstract:With the rapid development of Android, a major mobile Internet platform, Android malware attacks have become the number one threat to mobile Internet security. Traditional malware detection methods have low precision and greater time complexity. At present, image detection methods based on deep learning are used in malware detection. However, most of these methods are based on the largescale convolutional neural network model (such as VGG16). The computation and weight files of these models are very large, so they are not suitable for mobile Internet platforms with limited computation. A novel detection method based on a lightweight convolutional neural network is presented in this study. It transforms Android malware classes.dex, Androidmanifest.xml, and resource.arsc into RGB images and uses the lightweight convolutional neural network to extract the features of RGB images automatically. The experimental results of this study indicate that the method performs well in terms of precision and speed of detection.

computer science, information systems,telecommunications

Bo Sun,Takeshi Takahashi,Tao Ban,Daisuke Inoue

DOI: https://doi.org/10.1145/3464323

2022-06-30

ACM Transactions on Management Information Systems

Abstract:To relieve the burden of security analysts, Android malware detection and its family classification need to be automated. There are many previous works focusing on using machine (or deep) learning technology to tackle these two important issues, but as the number of mobile applications has increased in recent years, developing a scalable and precise solution is a new challenge that needs to be addressed in the security field. Accordingly, in this article, we propose a novel approach that not only enhances the performance of both Android malware and its family classification, but also reduces the running time of the analysis process. Using large-scale datasets obtained from different sources, we demonstrate that our method is able to output a high F-measure of 99.71% with a low FPR of 0.37%. Meanwhile, the computation time for processing a 300K dataset is reduced to nearly 3.3 hours. In addition, in classification evaluation, we demonstrate that the F-measure, precision, and recall are 97.5%, 96.55%, 98.64%, respectively, when classifying 28 malware families. Finally, we compare our method with previous studies in both detection and classification evaluation. We observe that our method produces better performance in terms of its effectiveness and efficiency.

Wenhao fan,Liang Zhao,Jiayang Wang,Ye Chen,Fan Wu,Yuan'an Liu

DOI: https://doi.org/10.48550/arXiv.2101.03965

2021-01-29

Abstract:Android is currently the most extensively used smartphone platform in the world. Due to its popularity and open source nature, Android malware has been rapidly growing in recent years, and bringing great risks to users' privacy. The malware applications in a malware family may have common features and similar behaviors, which are beneficial for malware detection and inspection. Thus, classifying Android malware into their corresponding families is an important task in malware analysis. At present, the main problem of existing research works on Android malware family classification lies in that the extracted features are inadequate to represent the common behavior characteristics of the malware in malicious families, and leveraging a single classifier or a static ensemble classifier is restricted to further improve the accuracy of classification. In this paper, we propose FamDroid, a learning-based Android malware family classification scheme using static analysis technology. In FamDroid, the explicit features including permissions, hardware components, app components, intent filters are extracted from the apk files of a malware application. Besides, a hidden feature generated from the extracted APIs is used to represents the API call relationship in the application. Then, we design an adaptive weighted ensemble classifier, which considers the adaptability of the sample to each base classifier, to carry out accurate malware family classification. We conducted experiments on the Drebin dataset which contains 5560 Android malicious applications. The superiority of FamDroid is demonstrated through comparing it with 5 traditional machine learning models and 4 state-of-the-art reference schemes. FamDroid can correctly classify 98.92% of malware samples into their families and achieve 99.12% F1-Score.

Cryptography and Security

Qi Xie,Yongjun Wang,Zhiquan Qin

DOI: https://doi.org/10.1109/CISP-BMEI51763.2020.9263499

2020-01-01

Abstract:As the damage caused by malware gets severer and involves a wider range of fields, the capability of detecting and classifying the malware becomes increasingly urgent and significant. Modern malware are usually equipped with metamorphic and polymorphic techniques, which means that malware from the same family might be modified. It is noteworthy that dynamic analysis can partially tackle those anti-static techniques. However, many malware authors have already realized that more dynamic methods are employed in malware analysis. Therefore, this field still suffers heavily from the anti-dynamic techniques. To address these problems, this paper first utilizes the static approach to disassembly the malware and obtains the assembly code. Harnessing the power of word embedding, our method then effectively learns the relationships of instructions within each block split by jump instructions and represents them as vectors. These vectors are fed into the LSTM to get each block's representative features. We then incorporate the attention mechanism to reduce these junk codes which belongs to one of the anti-static analysis techniques or atypical features, and thus our method can obtain significantly better feature representation capability of a malware file. Empirical experiments show that our method prevails its competitors and achieves the best performance with an accuracy of 94.25% and an f1 score of 0.95 on a dataset with 16,718 samples from 6 malware families.

Hui-Juan Zhu,Liang-Min Wang,Sheng Zhong,Yang Li,Victor S. Sheng,Huijuan Zhu,Liangmin Wang

DOI: https://doi.org/10.1109/tkde.2021.3067658

IF: 9.235

2021-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Android is a growing target for malicious software (malware) because of its popularity and functionality. Malware poses a serious threat to users' privacy, money, equipment and file integrity. A series of data-driven malware detection methods were proposed. However, there exist two key challenges for these methods: (1) how to learn effective feature representation from raw data; (2) how to reduce the dependence on the prior knowledge or human labors in feature learning. Inspired by the success of deep learning methods in the feature representation learning community, we propose a malware detection framework which starts with learning rich-features by a novel unsupervised feature learning algorithm Merged Sparse Auto-Encoder (MSAE). In order to extract more compact and discriminative feature from the rich-features to further boost the malware detection capability, a hybrid deep network learning algorithm Stacked Hybrid Learning MSAE and SDAE (SHLMD) is established by further incorporating a classical deep learning method Stacked Denoising Auto-encoders (SDAE). After that, we feed the feature learned by MSAE and SHLMD respectively to classification algorithms, e.g., Support Vector Machine (SVM) or K-NearestNeighbor (KNN), to train a malware detection model. Evaluation results on two real-world datasets demonstrate that SHLMD achieves 94.46 and 90.57 percent accuracy respectively, which outperforms the classical unsupervised feature representation learning Sparse Auto-encoder (SAE). MSAE performs similarly to SAE. SHLMD can further improve the performance of MSAE and the supervised fine-tuned method SDAE. Besides, we compare the performance of our methods with that of state-of-the-art detection approaches, including classical deep-learning-based methods. Extensive experiments show that our proposed methods are effective enough to detect Android malware.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Qingguo Zhou,Fang Feng,Zebang Shen,Rui Zhou,Meng-Yen Hsieh,Kuan-Ching Li

DOI: https://doi.org/10.1007/s11042-018-6498-z

IF: 2.577

2018-01-01

Multimedia Tools and Applications

Abstract:With the increasing number of malicious attacks, the way how to detect malicious Apps has drawn attention in mobile technology market. In this paper, we proposed a detection model to seek and track malware Apps actions in such devices. To characterize the behaviors of Apps, dynamic features of each App were constrained in 166-dimension and a novel machine learning classifier is employed to detect malware Apps, and alarm will be triggered if an Android-based App is detected as malicious. With such, we can avoid a detected malware spreading out in larger scale, affecting extensively our society. Detailed description of the detection model is provided, as well the core technologies of this novel machine learning classifier are presented. From experiments performed on a set of Android-based malware and benign Apps, we observe that the proposed classification algorithm achieves highest accuracy, true-positive rate, false-positive rate, precision, recall, f-measure in comparison to other methods as K-Nearest Neighbor (KNN), Naive Bayesian (NB), Support Vector Machine (SVM), Random Forest (RF), Logistic Regression (LR), Decision tree (DT), Linear Discriminant Analysis (LDA) and Back Propagation (BP). The proposed detection model is promising and can effectively be applied to Android malware detection, providing early detection and the prospect of warning users of threatens ahead.

Xi Xiao,Shaofeng Zhang,Francesco Mercaldo,Guangwu Hu,Arun Kumar Sangaiah

DOI: https://doi.org/10.1007/s11042-017-5104-0

IF: 2.577

2017-01-01

Multimedia Tools and Applications

Abstract:As Android-based mobile devices become increasingly popular, malware detection on Android is very crucial nowadays. In this paper, a novel detection method based on deep learning is proposed to distinguish malware from trusted applications. Considering there is some semantic information in system call sequences as the natural language, we treat one system call sequence as a sentence in the language and construct a classifier based on the Long Short-Term Memory (LSTM) language model. In the classifier, at first two LSTM models are trained respectively by the system call sequences from malware and those from benign applications. Then according to these models, two similarity scores are computed. Finally, the classifier determines whether the application under analysis is malicious or trusted by the greater score. Thorough experiments show that our approach can achieve high efficiency and reach high recall of 96.6% with low false positive rate of 9.3%, which is better than the other methods.

Zhiqiang Wang,Gefei Li,Zihan Zhuo,Xiaorui Ren,Yuheng Lin,Jieming Gu

DOI: https://doi.org/10.1155/2022/1289175

IF: 1.968

2022-02-24

Security and Communication Networks

Abstract:Android has become the most popular mobile intelligent operating system with its open platform, diverse applications, and excellent user experience. However, at the same time, more and more attackers take Android as the primary target. The application store, which is the main download source for users, still does not have a complete security authentication mechanism. Given the above problems, we designed an Android application classification model based on multiple semantic features. Firstly, we use analysis tools to automatically extract the application’s dynamic and static features into the text document and use variance and chi-square tests to optimize the features. Combined with natural language processing (NLP), we transform the feature file into a two-dimensional matrix and use the convolution neural network (CNN) to learn features efficiently. Also, to make the model satisfy more application scenarios, we design a dynamic adjustment method according to user requirements, the number of features, and other indicators. The experimental results demonstrate that the detection accuracy of malware is 99.3921%. We also measure this model’s performance in detecting a malware family and benign application, with the classification accuracy of 99.5614% and 99.9046%, respectively.

computer science, information systems,telecommunications

Shaojie Yang,Yongjun Wang,Haoran Xu,Fangliang Xu,Mantun Chen

DOI: https://doi.org/10.1016/j.cose.2022.102915

IF: 5.105

2022-01-01

Computers & Security

Abstract:Android malware detection is a serious issue for mobile security. Recent machine learning-based research could achieve high accuracy. However, there are far more unlabeled samples in the application scenario, while most studies must depend on labeled data for training. This paper proposed, as a solution, a framework based on contrastive learning that attempted to reduce the impact of past knowledge and pretrain the model without the participation of labels. The result indicated that the method could reach an accuracy above 96% for malware identification on public datasets and above 98% for multiclass detection (malware class and family). In addition, the model could have higher performance than the same supervised model under the condition of a small proportion of labeled samples. Comparable performance to supervised approaches validated the feasibility of contrastive learning on malware detection by demonstrating its viability. Nonetheless, there are still gaps to be overcome in the future.

Zhenyu Cheng,Xunxun Chen,Yongzheng Zhang,Shuhao Li,Yafei Sang

DOI: https://doi.org/10.1109/nas.2017.8026853

2017-01-01

Abstract:With the widespread use of smartphones, more and more malicious attacks happen with information leakage from apps installed on users' devices. The adversary always uses a malware as the client to take remote control of smartphones, and leverages the vulnerability of operation systems to send back the collected information without users' permissions. All the information has to be transferred by network traffic. In this paper, we consider that different apps maybe generate different network flows by different operations, and the "shapes" of the benign flows and malicious ones will be diverse. Thus we propose a detection model based on the analysis of relationships between behavior patterns and network flows, which achieves our goal by using the Random Forest machine learning algorithm to classify the network flows into benign or malicious. To further improve the controllability of the experiment, we design an app called Moledroid to simulate malwares by uploading the user's privacy without authorization, in addition, we can change the behavior pattern of the app to complete our evaluation. Finally, we run this app and several benign apps to generate traffic to detect the malicious network flows, and it shows that our detection model can achieve precision and accuracy higher than 95%, which demonstrates that our model is suitable for detecting the network flows of information theft.

TianYue Liu,HongQi Zhang,HaiXia Long,Jinmei Shi,YuHua Yao

DOI: https://doi.org/10.1038/s41598-022-18402-6

2022-08-17

Abstract:Deep learning technology is changing the landscape of cybersecurity research, especially the study of large amounts of data. With the rapid growth in the number of malware, developing of an efficient and reliable method for classifying malware has become one of the research priorities. In this paper, a new method, BIR-CNN, is proposed to classify of Android malware. It combines convolution neural network (CNN) with batch normalization and inception-residual (BIR) network modules by using 347-dim network traffic features. CNN combines inception-residual modules with a convolution layer that can enhance the learning ability of the model. Batch Normalization can speed up the training process and avoid over-fitting of the model. Finally, experiments are conducted on the publicly available network traffic dataset CICAndMal2017 and compared with three traditional machine learning algorithms and CNN. The accuracy of BIR-CNN is 99.73% in binary classification (2-classifier). Moreover, the BIR-CNN can classify malware by its category (4-classifier) and malicious family (35-classifier), with a classification accuracy of 99.53% and 94.38%, respectively. The experimental results show that the proposed model is an effective method for Android malware classification, especially in malware category and family classifier.

Junwei Tang,Wei Xu,Tao Peng,Sijie Zhou,Qiaosen Pi,Ruhan He,Xinrong Hu

DOI: https://doi.org/10.1016/j.jisa.2024.103721

IF: 4.96

2024-01-01

Journal of Information Security and Applications

Abstract:Mobile applications have been deeply integrated into the daily life of ordinary users. Android malware seriously threatens the privacy and property security of users. However, code obfuscation and other technologies have reduced the effectiveness of traditional static analysis methods, and more and more studies are extracting grayscale image features for malware detection. We propose a classification method for Android malware based on a novel mixed bytecode image and deep neural network combined with attention mechanism. Firstly, for the executable file of the target malware, read one character every 8 bits, fix the line and width, and output it as a vector. Each element in this vector is between 0 and 255, which is the range of values for grayscale images. Furthermore, the executable files are generated into grayscale images and Markov images, respectively. Then a new texture feature space is constructed by the fusion of grayscale and Markov images using the transfer probability, which is mapped to a two-dimensional space to obtain the mixed image feature. The constructed fusion feature space can more clearly characterize Android malware. What is more, the convolutional attention mechanism is added to ResNet to increase the depth of the network and improve the network effect. Finally, experiments are performed on Drebin and CICMalDroid 2020. Our experimental results show that our method can efficiently perform uniform representation of bytecode sequence files and extract and classify feature sequences. On the basis of mixed image features, the accuracy of malware detection can reach 98.67%, which outperforms the classification based on Markov images, grayscale images and other similar methods.

Jaiteg Singh,Deepak Thakur,Farman Ali,Tanya Gera,Kyung Sup Kwak

DOI: https://doi.org/10.3390/s20247013

IF: 3.9

2020-12-08

Sensors

Abstract:The Android operating system has gained popularity and evolved rapidly since the previous decade. Traditional approaches such as static and dynamic malware identification techniques require a lot of human intervention and resources to design the malware classification model. The real challenge lies with the fact that inspecting all files of the application structure leads to high processing time, more storage, and manual effort. To solve these problems, optimization algorithms and deep learning has been recently tested for mitigating malware attacks. This manuscript proposes Summing of neurAl aRchitecture and VisualizatiOn Technology for Android Malware identification (SARVOTAM). The system converts the malware non-intuitive features into fingerprint images to extract the quality information. A fine-tuned Convolutional Neural Network (CNN) is used to automatically extract rich features from visualized malware thus eliminating the feature engineering and domain expert cost. The experiments were done using the DREBIN dataset. A total of fifteen different combinations of the Android malware image sections were used to identify and classify Android malware. The softmax layer of CNN was substituted with machine learning algorithms like K-Nearest Neighbor (KNN), Support Vector Machine (SVM), and Random Forest (RF) to analyze the grayscale malware images. It observed that CNN-SVM model outperformed original CNN as well as CNN-KNN, and CNN-RF. The classification results showed that our method is able to achieve an accuracy of 92.59% using Android certificates and manifest malware images. This paper reveals the lightweight solution and much precise option for malware identification.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation