A Hybrid Approach for Android Malicious Software Classification

Abstract

Android operating systems have grown in popularity and are currently being increasingly used on smartphone devices. Because of the quickly expanding quantity of Android malware and the potential safeguard of vast amounts of data kept on Android devices, the identification and categorization of Android malware is regarded as a big data challenge. Researchers started using deep learning (DL) techniques for malware detection, according to the most recent state-of-the-art studies. Nevertheless, researchers and practitioners face challenges such as the choice of DL architecture, extracting and processing features and evaluating results. In this paper, several traditional and hybrid machine learning (ML) models were developed and analyzed in detail to classify Android malware. First, some state-of-the-art DL model has been developed like multi-layer perceptron (MLP), deep neural network (DNN), recurrent neural network (RNN), long short-term memory (LSTM), convolutional neural network (CNN) and later several hybrid models have been developed by combining DNNs with support vector machine (SVM). Second, we have focused on maximizing achievement by fine-tuning a variety of configurations to guarantee the best possible combination of the hyper-parameters and attain the maximum statistical metric value. Finally, we have accomplished performance analysis between these hybrid models and a model based on VGG-16-CNN-1D along with SVM has been proposed to enhance the accuracy and efficacy of large-scale Android malware detection which outperforms all the other developed models using Drebin Dataset. Among the DL methods, DNN achieved the highest F1 score 99.07%. After doing a comparison between hybrid models, it was found that DNN-SVM achieved 99.12% while VGG16-CNN-1D-SVM achieved 98.56% precision, 98.78% recall and 99.20% F1 score, respectively.